Windows Analysis Report
WVuXCNNYG0.exe

Overview

General Information

Sample name: WVuXCNNYG0.exe (renamed because original name is a hash value)
Original sample name: 5b0d552a08e6eb471f4e487850e9cb67.exe
Analysis ID: 1570260
MD5: 5b0d552a08e6eb471f4e487850e9cb67
SHA1: c50781da99d8ddecdecfb178a31c50f5058c689e
SHA256: 9a1f48d7d46330d1ff34092ed6118cbfdf48e615cc86c47f09fe6c28e066ed3d
Tags: exe, user-abuse_ch
Infos:

Detection

Python Stealer
Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
AI detected suspicious sample
Yara detected Generic Python Stealer
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found potential string decryption / allocating functions
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file does not import any functions
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info

Classification

  • System is w10x64
  • WVuXCNNYG0.exe (PID: 5828 cmdline: "C:\Users\user\Desktop\WVuXCNNYG0.exe" MD5: 5B0D552A08E6EB471F4E487850E9CB67)
    • WVuXCNNYG0.exe (PID: 1020 cmdline: "C:\Users\user\Desktop\WVuXCNNYG0.exe" MD5: 5B0D552A08E6EB471F4E487850E9CB67)
  • cleanup
No configs have been found
Yara detections:
Source: Process Memory Space: WVuXCNNYG0.exe PID: 1020
Rule: JoeSecurity_GenericPythonStealer
Description: Yara detected Generic Python Stealer
Author: Joe Security
    No Sigma rule has matched
    No Suricata rule has matched

    AV Detection

    Source: WVuXCNNYG0.exe, ReversingLabs: Detection: 44%
    Source: Submitted Sample, Integrated Neural Analysis Model: Matched 99.6% probability
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI58282\setuptools\_vendor\wheel-0.43.0.dist-info\LICENSE.txt
    Source: WVuXCNNYG0.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exe, Code function: 0_2_00007FF65ECC83B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00007FF65ECC83B0
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exe, Code function: 0_2_00007FF65ECC92F0 FindFirstFileExW,FindClose,0_2_00007FF65ECC92F0
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exe, Code function: 0_2_00007FF65ECE18E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF65ECE18E4
    Source: unknown, TCP traffic detected without corresponding DNS query: 163.5.242.208
    Source: global traffic, HTTP traffic detected:
        GET /bababa31692_token.txt HTTP/1.1
        Host: 163.5.242.208
        User-Agent: python-requests/2.32.3
        Accept-Encoding: gzip, deflate
        Accept: */*
        Connection: keep-alive
    Source: global traffic, HTTP traffic detected:
        GET /6931506959_chat.txt HTTP/1.1
        Host: 163.5.242.208
        User-Agent: python-requests/2.32.3
        Accept-Encoding: gzip, deflate
        Accept: */*
        Connection: keep-alive
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223316281.00000293602A0000.00000004.00001000.00020000.00000000.sdmp, String found in binary or memory: - https://www.facebook.com/groups/ equals www.facebook.com (Facebook)
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223316281.00000293602A0000.00000004.00001000.00020000.00000000.sdmp, String found in binary or memory: d- https://www.facebook.com/groups/ equals www.facebook.com (Facebook)
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223467040.00000293604E0000.00000004.00001000.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000002.2222553286.000002935FB33000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: http://.../back.jpeg
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223237169.00000293601A0000.00000004.00001000.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000002.2225071689.00000293618A8000.00000004.00001000.00020000.00000000.sdmp, String found in binary or memory: http://163.5.242.208/6931506959_chat.txt
    Source: WVuXCNNYG0.exe, 00000002.00000002.2225071689.00000293618A8000.00000004.00001000.00020000.00000000.sdmp, String found in binary or memory: http://163.5.242.208/6931506959_chat.txtp
    Source: WVuXCNNYG0.exe, 00000002.00000002.2225071689.00000293618A8000.00000004.00001000.00020000.00000000.sdmp, String found in binary or memory: http://163.5.242.208/bababa31692_token.txt
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223237169.00000293601A0000.00000004.00001000.00020000.00000000.sdmp, String found in binary or memory: http://163.5.242.208/bababa31692_token.txtssl-modules
    Source: WVuXCNNYG0.exe, 00000000.00000003.2125222219.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2124919336.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2125337045.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2125051379.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2125130651.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2125754223.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2124094161.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2124206178.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2124635387.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2125485997.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2125631512.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2124806379.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2125892750.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2124478751.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _wmi.pyd.0.dr, _uuid.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
    Source: _asyncio.pyd.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
    Source: WVuXCNNYG0.exe, 00000000.00000003.2125222219.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2124919336.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2125337045.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2125051379.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2125130651.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2125754223.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2124094161.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2124206178.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2124635387.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2125485997.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2125631512.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2124806379.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2125892750.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2124478751.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _wmi.pyd.0.dr, _uuid.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.drString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223611473.0000029360710000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000002.2223659305.000002936078A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/eax/eax-spec.pdf
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223744398.0000029360844000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000002.2222776888.000002935FD89000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C.pdf
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223744398.00000293608C1000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000002.2223744398.0000029360844000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223467040.00000293604E0000.00000004.00001000.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000002.2223611473.0000029360710000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000002.2224524056.0000029360F20000.00000004.00001000.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000002.2222553286.000002935FB33000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000002.2224715174.0000029361530000.00000004.00001000.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000002.2222458754.000002935FAAA000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000002.2224628373.00000293610B0000.00000004.00001000.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000002.2222776888.000002935FE3E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223467040.00000293604E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://curl.haxx.se/rfc/cookie_spec.html
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223393659.00000293603A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://docs.python.org/3/library/subprocess#subprocess.Popen.kill
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223316281.00000293602A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://docs.python.org/3/library/subprocess#subprocess.Popen.returncode
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223316281.00000293602A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://docs.python.org/3/library/subprocess#subprocess.Popen.terminate
    Source: WVuXCNNYG0.exe, 00000002.00000003.2155593037.000002935FA85000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000002.2222929132.000002935FE80000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://docs.python.org/library/itertools.html#recipes
    Source: WVuXCNNYG0.exe, 00000002.00000003.2155593037.000002935FA85000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000002.2222929132.000002935FE80000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://foo/bar.tar.gz
    Source: WVuXCNNYG0.exe, 00000002.00000003.2155593037.000002935FA85000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000002.2222929132.000002935FE80000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://foo/bar.tgz
    Source: WVuXCNNYG0.exe, 00000002.00000002.2224628373.00000293610B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://goo.gl/zeJZl.
    Source: WVuXCNNYG0.exe, 00000002.00000002.2222776888.000002935FD89000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/
    Source: WVuXCNNYG0.exe, 00000002.00000002.2222776888.000002935FCEC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/mail/
    Source: WVuXCNNYG0.exe, 00000002.00000002.2222553286.000002935FBF4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535
    Source: WVuXCNNYG0.exe, 00000002.00000002.2222776888.000002935FD89000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://httpbin.org/post
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223316281.00000293602A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ip-api.com/json
    Source: WVuXCNNYG0.exe, 00000002.00000003.2157320272.000002935FD31000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ip-api.com/jsonr
    Source: WVuXCNNYG0.exe, 00000002.00000002.2224628373.00000293610B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://mail.python.org/pipermail/python-dev/2012-June/120787.html.
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223659305.000002936078A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.es
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223659305.000002936078A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.es0
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223659305.000002936078A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.eso
    Source: WVuXCNNYG0.exe, 00000000.00000003.2125222219.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2124919336.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2125337045.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2125051379.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2125130651.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2125754223.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2124094161.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2124206178.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2124635387.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2125485997.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2125631512.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2124806379.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2125892750.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2124478751.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _wmi.pyd.0.dr, _uuid.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.drString found in binary or memory: http://ocsp.digicert.com0
    Source: WVuXCNNYG0.exe, 00000000.00000003.2125222219.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2124919336.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2125337045.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2125051379.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2125130651.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2125754223.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2124094161.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2125754223.0000023CD8420000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2124206178.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2124635387.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2125485997.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2125631512.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2124806379.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2125892750.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2124478751.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _wmi.pyd.0.dr, _uuid.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.dr, _socket.pyd.0.drString found in binary or memory: http://ocsp.digicert.com0A
    Source: WVuXCNNYG0.exe, 00000000.00000003.2125222219.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2124919336.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2125337045.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2125051379.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2125130651.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2125754223.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2124094161.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2125754223.0000023CD8420000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2124206178.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2124635387.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2125485997.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2125631512.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2124806379.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2125892750.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2124478751.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _wmi.pyd.0.dr, _uuid.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.dr, _socket.pyd.0.drString found in binary or memory: http://ocsp.digicert.com0C
    Source: WVuXCNNYG0.exe, 00000000.00000003.2125222219.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2124919336.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2125337045.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2125051379.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2125130651.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2125754223.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2124094161.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2124206178.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2124635387.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2125485997.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2125631512.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2124806379.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2125892750.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2124478751.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _wmi.pyd.0.dr, _uuid.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.drString found in binary or memory: http://ocsp.digicert.com0X
    Source: WVuXCNNYG0.exe, 00000002.00000002.2222378201.000002935F960000.00000004.00001000.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000002.2222298706.000002935F850000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://opensource.apple.com/source/CF/CF-744.18/CFBinaryPList.c
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223744398.00000293608C1000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000002.2223538168.0000029360610000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://python.org
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223744398.0000029360889000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://python.org/
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223744398.00000293608C1000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000002.2223538168.0000029360610000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://python.org:80
    Source: WVuXCNNYG0.exe, 00000002.00000002.2222776888.000002935FCEC000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000002.2222553286.000002935FBDC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223611473.000002936071A000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000002.2223744398.0000029360889000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc4880
    Source: WVuXCNNYG0.exe, 00000002.00000002.2224715174.0000029361530000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc5297
    Source: WVuXCNNYG0.exe, 00000002.00000002.2222553286.000002935FBF4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc5869
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223467040.00000293604E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc6125#section-6.4.3
    Source: WVuXCNNYG0.exe, 00000002.00000002.2224164340.0000029360A83000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000002.2223611473.000002936071A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.cs.ucdavis.edu/~rogaway/ocb/license.htm
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223659305.000002936078A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
    Source: WVuXCNNYG0.exe, 00000002.00000002.2222776888.000002935FD89000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223659305.000002936078A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0
    Source: WVuXCNNYG0.exe, 00000002.00000002.2222776888.000002935FD89000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crlm
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223659305.000002936078A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htm
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223659305.000002936078A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htm0U
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223659305.000002936078A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es00
    Source: WVuXCNNYG0.exe, 00000002.00000002.2222378201.000002935F960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.apple.com/DTDs/PropertyList-1.0.dtd
    Source: WVuXCNNYG0.exe, 00000002.00000002.2221708862.000002935F5DA000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000002.2223659305.000002936078A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cert.fnmt.es/dpcs/
    Source: WVuXCNNYG0.exe, 00000002.00000002.2224164340.0000029360A83000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000002.2222458754.000002935FA60000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cs.ucdavis.edu/~rogaway/papers/keywrap.pdf
    Source: WVuXCNNYG0.exe, 00000000.00000003.2125222219.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2124919336.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2125337045.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2125051379.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2125130651.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2125754223.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2124094161.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2124206178.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2124635387.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2125485997.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2125631512.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2124806379.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2125892750.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2124478751.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _wmi.pyd.0.dr, _uuid.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.drString found in binary or memory: http://www.digicert.com/CPS0
    Source: WVuXCNNYG0.exe, 00000002.00000002.2222553286.000002935FB96000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000002.2221439503.000002935F350000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.firmaprofesional.com/cps0
    Source: WVuXCNNYG0.exe, 00000002.00000003.2156036074.000002935FBDD000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000002.2222553286.000002935FBDC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6
    Source: WVuXCNNYG0.exe, 00000002.00000002.2222776888.000002935FD89000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps
    Source: WVuXCNNYG0.exe, 00000002.00000002.2222776888.000002935FD3F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps0
    Source: WVuXCNNYG0.exe, 00000002.00000002.2224164340.0000029360A83000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000002.2223611473.000002936071A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rfc-editor.org/info/rfc7253
    Source: WVuXCNNYG0.exe, 00000002.00000002.2224164340.0000029360A83000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.tarsnap.com/scrypt/scrypt-slides.pdf
    Source: WVuXCNNYG0.exe, 00000002.00000002.2222553286.000002935FBF4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wwwsearch.sf.net/):
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223744398.00000293608C1000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000002.2223538168.0000029360610000.00000004.00001000.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000002.2222776888.000002935FE3E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://127.0.0.1:8443
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223316281.00000293602A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://account.riotgames.com/api/account/v1/user
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223316281.00000293602A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://accounts.reddit.com/api/access_token
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223316281.00000293602A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://api.gofile.io/getServer
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223316281.00000293602A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://api.hypixel.net/player?key=aa5d84c7-f617-4069-9e64-ae177cd7b869&uuid=
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223316281.00000293602A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://api.namemc.com/profile/
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223316281.00000293602A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://api.steampowered.com/IPlayerService/GetOwnedGames/v0001/?key=440D7F4D810EF9298D25EDDF37C1F90
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223316281.00000293602A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://api.steampowered.com/IPlayerService/GetSteamLevel/v1/?key=440D7F4D810EF9298D25EDDF37C1F902&s
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223316281.00000293602A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://api.steampowered.com/ISteamUser/GetPlayerSummaries/v0002/?key=440D7F4D810EF9298D25EDDF37C1F9
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223316281.00000293602A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223316281.00000293602A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://battle.net
    Source: METADATA.0.drString found in binary or memory: https://blog.jaraco.com/skeleton
    Source: WVuXCNNYG0.exe, 00000002.00000002.2222458754.000002935FAAA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bugs.pR
    Source: WVuXCNNYG0.exe, 00000002.00000003.2150122276.000002935F66F000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000003.2150053922.000002935F715000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000003.2151400000.000002935F5FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/pkg_resources.html
    Source: WVuXCNNYG0.exe, 00000002.00000003.2150122276.000002935F62B000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000003.2152412130.000002935F603000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000003.2150053922.000002935F715000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000002.2221708862.000002935F5DA000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000003.2153493966.000002935F5DA000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000003.2150471052.000002935F6AE000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000003.2152107762.000002935F5DA000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000003.2150122276.000002935F69D000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000003.2151400000.000002935F5FB000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000003.2155332830.000002935F5DA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/pkg_resources.html#basic-resource-access
    Source: WVuXCNNYG0.exe, 00000002.00000002.2222216726.000002935F750000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packages
    Source: WVuXCNNYG0.exe, 00000002.00000003.2150053922.000002935F6D5000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000003.2150053922.000002935F715000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packagesr:
    Source: WVuXCNNYG0.exe, 00000002.00000003.2150053922.000002935F6D5000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000003.2150053922.000002935F715000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packagesr:r;Nr
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223316281.00000293602A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://skype.com
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223316281.00000293602A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://spotify.com
    Source: WVuXCNNYG0.exe, 00000002.00000002.2224715174.0000029361530000.00000004.00001000.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000002.2223992066.0000029360A41000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/questions/4457745#4457745.
    Source: WVuXCNNYG0.exe, 00000000.00000003.2126892634.0000023CD8421000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2127019660.0000023CD8421000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2126923052.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://stackoverflow.com/questions/tagged/python-attrs)
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223316281.00000293602A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223316281.00000293602A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://t.me/blxstealer
    Source: WVuXCNNYG0.exe, 00000000.00000003.2126892634.0000023CD841A000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2126923052.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://tidelift.com/?utm_source=lifter&utm_medium=referral&utm_campaign=hynek
    Source: WVuXCNNYG0.exe, 00000000.00000003.2126892634.0000023CD8421000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2127019660.0000023CD8421000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2126923052.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://tidelift.com/?utm_source=lifter&utm_medium=referral&utm_campaign=hynek).
    Source: METADATA.0.drString found in binary or memory: https://tidelift.com/badges/package/pypi/importlib-metadata
    Source: WVuXCNNYG0.exe, 00000000.00000003.2126923052.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://tidelift.com/subscription/pkg/pypi-attrs?utm_source=pypi-attrs&utm_medium=pypi
    Source: METADATA.0.drString found in binary or memory: https://tidelift.com/subscription/pkg/pypi-importlib-metadata?utm_source=pypi-importlib-metadata&utm
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223316281.00000293602A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tiktok.com
    Source: WVuXCNNYG0.exe, 00000002.00000002.2221708862.000002935F550000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc2388#section-4.4
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223744398.0000029360844000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000002.2222776888.000002935FD89000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc3610
    Source: WVuXCNNYG0.exe, 00000002.00000002.2224164340.0000029360A83000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000002.2222458754.000002935FA60000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc5297
    Source: WVuXCNNYG0.exe, 00000002.00000002.2221708862.000002935F5DA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7231#section-4.3.6)
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223316281.00000293602A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://twitch.tv
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223316281.00000293602A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://twitter.com
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223316281.00000293602A0000.00000004.00001000.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000002.2221439503.000002935F376000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000002.2222553286.000002935FBF4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223316281.00000293602A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/home
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223316281.00000293602A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/i/api/1.1/account/update_profile.json
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223316281.00000293602A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/i/api/1.1/account/update_profile.jsonc
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223316281.00000293602A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://uguu.se/api.php?d=upload
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223467040.00000293604E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxy
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223393659.00000293603A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223316281.00000293602A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://users.roblox.com/v1/users/
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223316281.00000293602A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://webcast.tiktok.com/webcast/wallet_api/diamond_buy/permission/?aid=1988
    Source: METADATA2.0.drString found in binary or memory: https://wheel.readthedocs.io/
    Source: METADATA2.0.drString found in binary or memory: https://wheel.readthedocs.io/en/stable/news.html
    Source: WVuXCNNYG0.exe, 00000002.00000003.2153230620.000002935FBA9000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000003.2155016679.000002935FBA5000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000003.2155143724.000002935FBA5000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000003.2156036074.000002935FB9B000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000002.2222553286.000002935FB96000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000003.2153230620.000002935FB3C000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000003.2155120482.000002935FBBE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www-cs-faculty.stanford.edu/~knuth/fasc2a.ps.gz
    Source: LICENSE.APACHE.0.drString found in binary or memory: https://www.apache.org/licenses/
    Source: LICENSE.APACHE.0.drString found in binary or memory: https://www.apache.org/licenses/LICENSE-2.0
    Source: METADATA0.0.drString found in binary or memory: https://www.attrs.org/
    Source: WVuXCNNYG0.exe, 00000000.00000003.2126892634.0000023CD8421000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2127019660.0000023CD8421000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2126923052.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://www.attrs.org/)
    Source: WVuXCNNYG0.exe, 00000000.00000003.2126892634.0000023CD841A000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2126923052.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://www.attrs.org/en/24.2.0/_static/sponsors/
    Source: WVuXCNNYG0.exe, 00000000.00000003.2127291721.0000023CD8418000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2126892634.0000023CD841A000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2126923052.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2127076686.0000023CD8416000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2127193224.0000023CD8418000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://www.attrs.org/en/24.2.0/_static/sponsors/FilePreviews.svg
    Source: WVuXCNNYG0.exe, 00000000.00000003.2127291721.0000023CD8418000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2126892634.0000023CD841A000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2126923052.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2127076686.0000023CD8416000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2127193224.0000023CD8418000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://www.attrs.org/en/24.2.0/_static/sponsors/Klaviyo.svg
    Source: WVuXCNNYG0.exe, 00000000.00000003.2126892634.0000023CD841A000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2126923052.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://www.attrs.org/en/24.2.0/_static/sponsors/Tidelift.svg
    Source: WVuXCNNYG0.exe, 00000000.00000003.2126892634.0000023CD841A000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2126923052.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://www.attrs.org/en/24.2.0/_static/sponsors/Variomedia.svg
    Source: WVuXCNNYG0.exe, 00000000.00000003.2126892634.0000023CD841A000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2126923052.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://www.attrs.org/en/latest/glossary.html#term-dunder-methods)).
    Source: WVuXCNNYG0.exe, 00000000.00000003.2126892634.0000023CD8421000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2127019660.0000023CD8421000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2126923052.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://www.attrs.org/en/latest/names.html)
    Source: WVuXCNNYG0.exe, 00000000.00000003.2126923052.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://www.attrs.org/en/stable/changelog.html
    Source: METADATA0.0.drString found in binary or memory: https://www.attrs.org/en/stable/changelog.html)
    Source: WVuXCNNYG0.exe, 00000000.00000003.2126892634.0000023CD8421000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2127019660.0000023CD8421000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2126923052.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://www.attrs.org/en/stable/comparison.html#customization)
    Source: WVuXCNNYG0.exe, 00000000.00000003.2126892634.0000023CD8421000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2127019660.0000023CD8421000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2126923052.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://www.attrs.org/en/stable/init.html#hooking-yourself-into-initialization)
    Source: WVuXCNNYG0.exe, 00000000.00000003.2126892634.0000023CD8421000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2127019660.0000023CD8421000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2126923052.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://www.attrs.org/en/stable/why.html#data-classes)
    Source: WVuXCNNYG0.exe, 00000002.00000002.2221349855.000002935F250000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/scl/fi/3clo0b3x6nfajqm27kvx6/exodus.asar?rlkey=200tiyus0rc0u3u4j9kf517l0&st=
    Source: WVuXCNNYG0.exe, 00000002.00000002.2221349855.000002935F250000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/scl/fi/xtt2n593d5n4svefktjhy/atomic.asar?rlkey=5refutaevle4aapp0p6hgn7q1&st=
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223316281.00000293602A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.guilded.gg/api/me
    Source: WVuXCNNYG0.exe, 00000002.00000002.2222458754.000002935FAAA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ietf.org/rfc/rfc2898.txt
    Source: WVuXCNNYG0.exe, 00000002.00000002.2230187160.00007FF8A8863000.00000002.00000001.01000000.0000000C.sdmp, WVuXCNNYG0.exe, 00000002.00000002.2232416506.00007FF8A9390000.00000002.00000001.01000000.00000013.sdmpString found in binary or memory: https://www.openssl.org/H
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223237169.00000293601A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.patreon.com/api/current_user?include=connected_socials%2Ccampaign.connected_socials&json
    Source: WVuXCNNYG0.exe, 00000002.00000002.2222776888.000002935FD89000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org
    Source: WVuXCNNYG0.exe, 00000002.00000002.2222458754.000002935FA60000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000003.2155184034.000002935FA94000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000003.2155016679.000002935FB7B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/
    Source: METADATA2.0.drString found in binary or memory: https://www.python.org/dev/peps/pep-0427/
    Source: WVuXCNNYG0.exe, 00000002.00000002.2221206067.000002935F010000.00000004.00001000.00020000.00000000.sdmp, base_library.zip.0.drString found in binary or memory: https://www.python.org/download/releases/2.3/mro/.
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223316281.00000293602A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/ftp/python/3.12.6/python-3.12.6-amd64.exe
    Source: WVuXCNNYG0.exe, 00000002.00000002.2231301428.00007FF8A8DF4000.00000008.00000001.01000000.00000004.sdmpString found in binary or memory: https://www.python.org/psf/license/
    Source: WVuXCNNYG0.exe, 00000002.00000002.2230594186.00007FF8A8C84000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: https://www.python.org/psf/license/)
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223316281.00000293602A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.reddit.com/user/
    Source: WVuXCNNYG0.exe, 00000002.00000002.2221708862.000002935F5DA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.rfc-editor.org/rfc/rfc8259#section-8.1
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223316281.00000293602A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.roblox.com/mobileapi/userinfo
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223316281.00000293602A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.spotify.com/api/account-settings/v1/profile
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223316281.00000293602A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.spotify.com/eg-en/api/account/v1/datalayer/
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223316281.00000293602A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.tiktok.com/api/user/list/?count=1&minCursor=0&scene=67&secUid=
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223316281.00000293602A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.tiktok.com/passport/web/account/info/
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223316281.00000293602A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.twitch.tv/
    Source: WVuXCNNYG0.exe, 00000000.00000003.2126892634.0000023CD841A000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2126923052.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://www.variomedia.de/
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223659305.000002936078A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223659305.000002936078A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/0m
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223659305.000002936078A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/d
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223316281.00000293602A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://xbox.com
    Source: WVuXCNNYG0.exe, 00000002.00000002.2222776888.000002935FCEC000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000002.2222553286.000002935FBF4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yahoo.com/
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223316281.00000293602A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://youtube.com
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeCode function: String function: 00007FF65ECC2710 appears 52 times
    Source: _overlapped.pyd.0.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
    Source: unicodedata.pyd.0.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
    Source: python3.dll.0.drStatic PE information: No import functions for PE file found
    Source: WVuXCNNYG0.exe, 00000000.00000003.2125222219.0000023CD8413000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_queue.pyd. vs WVuXCNNYG0.exe
    Source: WVuXCNNYG0.exe, 00000000.00000003.2124919336.0000023CD8413000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_lzma.pyd. vs WVuXCNNYG0.exe
    Source: WVuXCNNYG0.exe, 00000000.00000003.2125337045.0000023CD8413000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_socket.pyd. vs WVuXCNNYG0.exe
    Source: WVuXCNNYG0.exe, 00000000.00000003.2125051379.0000023CD8413000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_multiprocessing.pyd. vs WVuXCNNYG0.exe
    Source: WVuXCNNYG0.exe, 00000000.00000003.2125130651.0000023CD8413000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_overlapped.pyd. vs WVuXCNNYG0.exe
    Source: WVuXCNNYG0.exe, 00000000.00000003.2125754223.0000023CD8413000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_uuid.pyd. vs WVuXCNNYG0.exe
    Source: WVuXCNNYG0.exe, 00000000.00000003.2124094161.0000023CD8413000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_asyncio.pyd. vs WVuXCNNYG0.exe
    Source: WVuXCNNYG0.exe, 00000000.00000003.2124206178.0000023CD8413000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_bz2.pyd. vs WVuXCNNYG0.exe
    Source: WVuXCNNYG0.exe, 00000000.00000003.2124635387.0000023CD8413000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_decimal.pyd. vs WVuXCNNYG0.exe
    Source: WVuXCNNYG0.exe, 00000000.00000003.2123814383.0000023CD8413000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs WVuXCNNYG0.exe
    Source: WVuXCNNYG0.exe, 00000000.00000003.2125485997.0000023CD8413000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_sqlite3.pyd. vs WVuXCNNYG0.exe
    Source: WVuXCNNYG0.exe, 00000000.00000003.2123979939.0000023CD8413000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140_1.dllT vs WVuXCNNYG0.exe
    Source: WVuXCNNYG0.exe, 00000000.00000003.2125631512.0000023CD8413000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_ssl.pyd. vs WVuXCNNYG0.exe
    Source: WVuXCNNYG0.exe, 00000000.00000003.2124806379.0000023CD8413000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_hashlib.pyd. vs WVuXCNNYG0.exe
    Source: WVuXCNNYG0.exe, 00000000.00000003.2125892750.0000023CD8413000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_wmi.pyd. vs WVuXCNNYG0.exe
    Source: WVuXCNNYG0.exe, 00000000.00000003.2124478751.0000023CD8413000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_ctypes.pyd. vs WVuXCNNYG0.exe
    Source: WVuXCNNYG0.exeBinary or memory string: OriginalFilename vs WVuXCNNYG0.exe
    Source: WVuXCNNYG0.exe, 00000002.00000002.2232163859.00007FF8A92C1000.00000002.00000001.01000000.00000026.sdmpBinary or memory string: OriginalFilenamewin32api.pyd0 vs WVuXCNNYG0.exe
    Source: WVuXCNNYG0.exe, 00000002.00000002.2228746373.00007FF8A8370000.00000002.00000001.01000000.00000017.sdmpBinary or memory string: OriginalFilenamesqlite3.dll0 vs WVuXCNNYG0.exe
    Source: WVuXCNNYG0.exe, 00000002.00000002.2235756776.00007FF8B8B06000.00000002.00000001.01000000.00000011.sdmpBinary or memory string: OriginalFilename_queue.pyd. vs WVuXCNNYG0.exe
    Source: WVuXCNNYG0.exe, 00000002.00000002.2234326958.00007FF8B6174000.00000002.00000001.01000000.00000023.sdmpBinary or memory string: OriginalFilename_uuid.pyd. vs WVuXCNNYG0.exe
    Source: WVuXCNNYG0.exe, 00000002.00000002.2237068665.00007FF8B8CB6000.00000002.00000001.01000000.0000000E.sdmpBinary or memory string: OriginalFilenameselect.pyd. vs WVuXCNNYG0.exe
    Source: WVuXCNNYG0.exe, 00000002.00000002.2231878293.00007FF8A8F1D000.00000002.00000001.01000000.00000004.sdmpBinary or memory string: OriginalFilenamepython312.dll. vs WVuXCNNYG0.exe
    Source: WVuXCNNYG0.exe, 00000002.00000002.2236673868.00007FF8B8C17000.00000002.00000001.01000000.0000000F.sdmpBinary or memory string: OriginalFilename_wmi.pyd. vs WVuXCNNYG0.exe
    Source: WVuXCNNYG0.exe, 00000002.00000002.2230187160.00007FF8A8863000.00000002.00000001.01000000.0000000C.sdmpBinary or memory string: OriginalFilenamelibcryptoH vs WVuXCNNYG0.exe
    Source: WVuXCNNYG0.exe, 00000002.00000002.2235150243.00007FF8B7E29000.00000002.00000001.01000000.00000012.sdmpBinary or memory string: OriginalFilename_ssl.pyd. vs WVuXCNNYG0.exe
    Source: WVuXCNNYG0.exe, 00000002.00000002.2235632897.00007FF8B8AFB000.00000002.00000001.01000000.00000015.sdmpBinary or memory string: OriginalFilename_overlapped.pyd. vs WVuXCNNYG0.exe
    Source: WVuXCNNYG0.exe, 00000002.00000002.2235303047.00007FF8B7E5D000.00000002.00000001.01000000.00000010.sdmpBinary or memory string: OriginalFilenamepyexpat.pyd. vs WVuXCNNYG0.exe
    Source: WVuXCNNYG0.exe, 00000002.00000002.2232416506.00007FF8A9390000.00000002.00000001.01000000.00000013.sdmpBinary or memory string: OriginalFilenamelibsslH vs WVuXCNNYG0.exe
    Source: WVuXCNNYG0.exe, 00000002.00000002.2238687288.00007FF8BA507000.00000002.00000001.01000000.00000005.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs WVuXCNNYG0.exe
    Source: WVuXCNNYG0.exe, 00000002.00000002.2237586690.00007FF8B8F95000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: OriginalFilename_lzma.pyd. vs WVuXCNNYG0.exe
    Source: WVuXCNNYG0.exe, 00000002.00000002.2238397257.00007FF8B9F7C000.00000002.00000001.01000000.00000007.sdmpBinary or memory string: OriginalFilename_ctypes.pyd. vs WVuXCNNYG0.exe
    Source: WVuXCNNYG0.exe, 00000002.00000002.2237871814.00007FF8B93D2000.00000002.00000001.01000000.00000009.sdmpBinary or memory string: OriginalFilename_bz2.pyd. vs WVuXCNNYG0.exe
    Source: WVuXCNNYG0.exe, 00000002.00000002.2234878391.00007FF8B78CB000.00000002.00000001.01000000.00000016.sdmpBinary or memory string: OriginalFilename_sqlite3.pyd. vs WVuXCNNYG0.exe
    Source: WVuXCNNYG0.exe, 00000002.00000002.2231987079.00007FF8A9292000.00000002.00000001.01000000.00000027.sdmpBinary or memory string: OriginalFilenamepywintypes312.dll0 vs WVuXCNNYG0.exe
    Source: WVuXCNNYG0.exe, 00000002.00000002.2236410758.00007FF8B8B3E000.00000002.00000001.01000000.0000000B.sdmpBinary or memory string: OriginalFilename_hashlib.pyd. vs WVuXCNNYG0.exe
    Source: WVuXCNNYG0.exe, 00000002.00000002.2228541271.00007FF8A8204000.00000002.00000001.01000000.0000001A.sdmpBinary or memory string: OriginalFilenameunicodedata.pyd. vs WVuXCNNYG0.exe
    Source: WVuXCNNYG0.exe, 00000002.00000002.2236080312.00007FF8B8B23000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: OriginalFilename_socket.pyd. vs WVuXCNNYG0.exe
    Source: WVuXCNNYG0.exe, 00000002.00000002.2221057867.000002935D700000.00000002.00000001.01000000.00000006.sdmpBinary or memory string: OriginalFilenamepython3.dll. vs WVuXCNNYG0.exe
    Source: WVuXCNNYG0.exe, 00000002.00000002.2234992136.00007FF8B7DEF000.00000002.00000001.01000000.00000014.sdmpBinary or memory string: OriginalFilename_asyncio.pyd. vs WVuXCNNYG0.exe
    Source: WVuXCNNYG0.exe, 00000002.00000002.2234226070.00007FF8B6029000.00000002.00000001.01000000.00000028.sdmpBinary or memory string: OriginalFilenamevcruntime140_1.dllT vs WVuXCNNYG0.exe
    Source: classification engineClassification label: mal56.troj.winEXE@3/109@0/2
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282
    Source: WVuXCNNYG0.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Architecture FROM Win32_Processor
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: WVuXCNNYG0.exe, 00000002.00000002.2228689751.00007FF8A833E000.00000002.00000001.01000000.00000017.sdmpBinary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223155884.00000293600A0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: SELECT item1, item2 FROM metadata;
    Source: WVuXCNNYG0.exe, 00000002.00000002.2228689751.00007FF8A833E000.00000002.00000001.01000000.00000017.sdmpBinary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
    Source: WVuXCNNYG0.exe, 00000002.00000002.2228689751.00007FF8A833E000.00000002.00000001.01000000.00000017.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
    Source: WVuXCNNYG0.exe, 00000002.00000002.2228689751.00007FF8A833E000.00000002.00000001.01000000.00000017.sdmpBinary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
    Source: WVuXCNNYG0.exe, WVuXCNNYG0.exe, 00000002.00000002.2228689751.00007FF8A833E000.00000002.00000001.01000000.00000017.sdmpBinary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
    Source: WVuXCNNYG0.exe, 00000002.00000002.2228689751.00007FF8A833E000.00000002.00000001.01000000.00000017.sdmpBinary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223316281.00000293602A0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: SELECT a11, a102 FROM nssPrivate WHERE a102 = ?;
    Source: WVuXCNNYG0.exe, 00000002.00000002.2228689751.00007FF8A833E000.00000002.00000001.01000000.00000017.sdmpBinary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
    Source: WVuXCNNYG0.exeReversingLabs: Detection: 44%
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile read: C:\Users\user\Desktop\WVuXCNNYG0.exe
    Source: unknownProcess created: C:\Users\user\Desktop\WVuXCNNYG0.exe "C:\Users\user\Desktop\WVuXCNNYG0.exe"
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeProcess created: C:\Users\user\Desktop\WVuXCNNYG0.exe "C:\Users\user\Desktop\WVuXCNNYG0.exe"
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeProcess created: C:\Users\user\Desktop\WVuXCNNYG0.exe "C:\Users\user\Desktop\WVuXCNNYG0.exe"
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeSection loaded: uxtheme.dll
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeSection loaded: kernel.appcore.dll
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeSection loaded: version.dll
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeSection loaded: vcruntime140.dll
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeSection loaded: libffi-8.dll
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeSection loaded: libcrypto-3.dll
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeSection loaded: iphlpapi.dll
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeSection loaded: propsys.dll
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeSection loaded: libssl-3.dll
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeSection loaded: mswsock.dll
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeSection loaded: sqlite3.dll
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeSection loaded: kernel.appcore.dll
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeSection loaded: uxtheme.dll
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeSection loaded: wbemcomn.dll
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeSection loaded: amsi.dll
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeSection loaded: userenv.dll
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeSection loaded: profapi.dll
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeSection loaded: wbemcomn.dll
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeSection loaded: msasn1.dll
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeSection loaded: powrprof.dll
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeSection loaded: pdh.dll
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeSection loaded: umpdc.dll
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeSection loaded: wtsapi32.dll
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeSection loaded: pywintypes312.dll
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeSection loaded: vcruntime140_1.dll
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeSection loaded: vcruntime140_1.dll
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeSection loaded: secur32.dll
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeSection loaded: sspicli.dll
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32
    Source: WVuXCNNYG0.exeStatic PE information: Image base 0x140000000 > 0x60000000
    Source: WVuXCNNYG0.exeStatic file information: File size 18166844 > 1048576
    Source: WVuXCNNYG0.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
    Source: WVuXCNNYG0.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
    Source: WVuXCNNYG0.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
    Source: WVuXCNNYG0.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: WVuXCNNYG0.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
    Source: WVuXCNNYG0.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
    Source: WVuXCNNYG0.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
    Source: WVuXCNNYG0.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: Binary string: D:\a\1\b\bin\amd64\python312.pdb source: WVuXCNNYG0.exe, 00000002.00000002.2230594186.00007FF8A8C84000.00000002.00000001.01000000.00000004.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: WVuXCNNYG0.exe, 00000002.00000002.2228304714.00007FF8A81FF000.00000002.00000001.01000000.0000001A.sdmp
    Source: Binary string: cryptography_rust.pdbc source: WVuXCNNYG0.exe, 00000002.00000002.2225994360.00007FF8A741A000.00000002.00000001.01000000.00000029.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
    Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC source: WVuXCNNYG0.exe, 00000002.00000002.2229497516.00007FF8A8722000.00000002.00000001.01000000.0000000C.sdmp, libcrypto-3.dll.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_overlapped.pdb source: WVuXCNNYG0.exe, 00000000.00000003.2125130651.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000002.2235581065.00007FF8B8AF6000.00000002.00000001.01000000.00000015.sdmp
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: WVuXCNNYG0.exe, 00000000.00000003.2123814383.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000002.2238590342.00007FF8BA501000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: WVuXCNNYG0.exe, 00000000.00000003.2123814383.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000002.2238590342.00007FF8BA501000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\sqlite3.pdb source: WVuXCNNYG0.exe, 00000002.00000002.2228689751.00007FF8A833E000.00000002.00000001.01000000.00000017.sdmp
    Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-312\Release\pywintypes.pdb source: WVuXCNNYG0.exe, 00000002.00000002.2231945657.00007FF8A9281000.00000002.00000001.01000000.00000027.sdmp, pywintypes312.dll.0.dr
    Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-312\Release\pywintypes.pdb** source: WVuXCNNYG0.exe, 00000002.00000002.2231945657.00007FF8A9281000.00000002.00000001.01000000.00000027.sdmp, pywintypes312.dll.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_multiprocessing.pdb source: WVuXCNNYG0.exe, 00000000.00000003.2125051379.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, _multiprocessing.pyd.0.dr
    Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: WVuXCNNYG0.exe, 00000002.00000002.2225994360.00007FF8A741A000.00000002.00000001.01000000.00000029.sdmp
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: WVuXCNNYG0.exe, 00000000.00000003.2123979939.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000002.2234186413.00007FF8B6025000.00000002.00000001.01000000.00000028.sdmp, VCRUNTIME140_1.dll.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: WVuXCNNYG0.exe, 00000002.00000002.2236954251.00007FF8B8CB3000.00000002.00000001.01000000.0000000E.sdmp, select.pyd.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_ctypes.pdb source: WVuXCNNYG0.exe, 00000002.00000002.2238310251.00007FF8B9F71000.00000002.00000001.01000000.00000007.sdmp, _ctypes.pyd.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: WVuXCNNYG0.exe, 00000000.00000003.2124806379.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000002.2236315795.00007FF8B8B37000.00000002.00000001.01000000.0000000B.sdmp, _hashlib.pyd.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb$$ source: _decimal.pyd.0.dr
    Source: Binary string: D:\a\1\b\libssl-3.pdbEE source: WVuXCNNYG0.exe, 00000002.00000002.2232369597.00007FF8A9355000.00000002.00000001.01000000.00000013.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: WVuXCNNYG0.exe, 00000000.00000003.2124919336.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000002.2237312729.00007FF8B8F8C000.00000002.00000001.01000000.0000000A.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_uuid.pdb source: WVuXCNNYG0.exe, 00000000.00000003.2125754223.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000002.2234287262.00007FF8B6172000.00000002.00000001.01000000.00000023.sdmp, _uuid.pyd.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_asyncio.pdb source: WVuXCNNYG0.exe, 00000000.00000003.2124094161.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000002.2234948311.00007FF8B7DE8000.00000002.00000001.01000000.00000014.sdmp, _asyncio.pyd.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\pyexpat.pdb source: WVuXCNNYG0.exe, 00000002.00000002.2235226258.00007FF8B7E52000.00000002.00000001.01000000.00000010.sdmp, pyexpat.pyd.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: WVuXCNNYG0.exe, 00000000.00000003.2125222219.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000002.2235699562.00007FF8B8B03000.00000002.00000001.01000000.00000011.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: WVuXCNNYG0.exe, 00000000.00000003.2124919336.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000002.2237312729.00007FF8B8F8C000.00000002.00000001.01000000.0000000A.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: WVuXCNNYG0.exe, 00000000.00000003.2124206178.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000002.2237723018.00007FF8B93CD000.00000002.00000001.01000000.00000009.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb source: WVuXCNNYG0.exe, 00000000.00000003.2125892750.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000002.2236546935.00007FF8B8C14000.00000002.00000001.01000000.0000000F.sdmp, _wmi.pyd.0.dr
    Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-312\Release\win32api.pdb!! source: WVuXCNNYG0.exe, 00000002.00000002.2232049110.00007FF8A92B3000.00000002.00000001.01000000.00000026.sdmp, win32api.pyd.0.dr
    Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-312\Release\win32api.pdb source: WVuXCNNYG0.exe, 00000002.00000002.2232049110.00007FF8A92B3000.00000002.00000001.01000000.00000026.sdmp, win32api.pyd.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: WVuXCNNYG0.exe, 00000000.00000003.2125337045.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000002.2235990728.00007FF8B8B19000.00000002.00000001.01000000.0000000D.sdmp, _socket.pyd.0.dr
    Source: Binary string: cryptography_rust.pdb source: WVuXCNNYG0.exe, 00000002.00000002.2225994360.00007FF8A741A000.00000002.00000001.01000000.00000029.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb''&GCTL source: WVuXCNNYG0.exe, 00000000.00000003.2125892750.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000002.2236546935.00007FF8B8C14000.00000002.00000001.01000000.0000000F.sdmp, _wmi.pyd.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_sqlite3.pdb source: WVuXCNNYG0.exe, 00000002.00000002.2234838130.00007FF8B78BF000.00000002.00000001.01000000.00000016.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\python3.pdb source: WVuXCNNYG0.exe, 00000002.00000002.2221057867.000002935D700000.00000002.00000001.01000000.00000006.sdmp
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: WVuXCNNYG0.exe, 00000000.00000003.2123979939.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000002.2234186413.00007FF8B6025000.00000002.00000001.01000000.00000028.sdmp, VCRUNTIME140_1.dll.0.dr
    Source: Binary string: D:\a\1\b\libssl-3.pdb source: WVuXCNNYG0.exe, 00000002.00000002.2232369597.00007FF8A9355000.00000002.00000001.01000000.00000013.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: WVuXCNNYG0.exe, 00000002.00000002.2235060838.00007FF8B7E0D000.00000002.00000001.01000000.00000012.sdmp, _ssl.pyd.0.dr
    Source: WVuXCNNYG0.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
    Source: WVuXCNNYG0.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
    Source: WVuXCNNYG0.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
    Source: WVuXCNNYG0.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
    Source: WVuXCNNYG0.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
    Source: python312.dll.0.drStatic PE information: section name: PyRuntim
    Source: VCRUNTIME140.dll.0.drStatic PE information: section name: _RDATA
    Source: libcrypto-3.dll.0.drStatic PE information: section name: .00cfg
    Source: libssl-3.dll.0.drStatic PE information: section name: .00cfg
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Cipher\_ARC4.pyd
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\unicodedata.pyd
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Hash\_ghash_portable.pyd
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\_uuid.pyd
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\VCRUNTIME140.dll
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\charset_normalizer\md.cp312-win_amd64.pyd
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Cipher\_raw_ctr.pyd
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\python3.dll
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Cipher\_raw_cfb.pyd
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\PublicKey\_curve448.pyd
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Cipher\_raw_ocb.pyd
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Cipher\_raw_aes.pyd
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\pyexpat.pyd
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\_bz2.pyd
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\sqlite3.dll
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\_asyncio.pyd
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Cipher\_pkcs1_decode.pyd
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Util\_cpuid_c.pyd
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Hash\_RIPEMD160.pyd
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Cipher\_raw_ecb.pyd
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Cipher\_raw_aesni.pyd
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\_ssl.pyd
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Hash\_BLAKE2s.pyd
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\libssl-3.dll
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Cipher\_raw_des.pyd
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\libffi-8.dll
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Cipher\_raw_eksblowfish.pyd
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\_ctypes.pyd
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\_lzma.pyd
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\PublicKey\_ed448.pyd
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Cipher\_raw_blowfish.pyd
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Hash\_MD5.pyd
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\_queue.pyd
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Hash\_keccak.pyd
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\cryptography\hazmat\bindings\_rust.pyd
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\multidict\_multidict.cp312-win_amd64.pyd
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\python312.dll
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\aiohttp\_websocket\reader_c.cp312-win_amd64.pyd
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\_sqlite3.pyd
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\yarl\_quoting_c.cp312-win_amd64.pyd
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Hash\_poly1305.pyd
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Hash\_BLAKE2b.pyd
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\_cffi_backend.cp312-win_amd64.pyd
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\aiohttp\_http_writer.cp312-win_amd64.pyd
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\frozenlist\_frozenlist.cp312-win_amd64.pyd
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\aiohttp\_http_parser.cp312-win_amd64.pyd
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Cipher\_raw_ofb.pyd
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Util\_strxor.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\_wmi.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Hash\_MD4.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\VCRUNTIME140_1.dllJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Cipher\_chacha20.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\_decimal.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\select.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Math\_modexp.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\_socket.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Hash\_ghash_clmul.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\psutil\_psutil_windows.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Cipher\_Salsa20.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\PublicKey\_ed25519.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\pywin32_system32\pywintypes312.dllJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\PublicKey\_ec_ws.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\win32\win32api.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\_multiprocessing.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Cipher\_raw_cast.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Cipher\_raw_arc2.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Hash\_SHA384.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\propcache\_helpers_c.cp312-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Cipher\_raw_cbc.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\libcrypto-3.dllJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Hash\_SHA224.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Hash\_MD2.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Hash\_SHA1.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Hash\_SHA512.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\PublicKey\_curve25519.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Hash\_SHA256.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\_overlapped.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\aiohttp\_websocket\mask.cp312-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\_hashlib.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\charset_normalizer\md__mypyc.cp312-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Cipher\_raw_des3.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Protocol\_scrypt.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI58282\setuptools\_vendor\wheel-0.43.0.dist-info\LICENSE.txtJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeCode function: 0_2_00007FF65ECC5820 GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,0_2_00007FF65ECC5820
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Cipher\_ARC4.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58282\unicodedata.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Hash\_ghash_portable.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58282\_uuid.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58282\charset_normalizer\md.cp312-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58282\python3.dllJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Cipher\_raw_ctr.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Cipher\_raw_cfb.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\PublicKey\_curve448.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Cipher\_raw_ocb.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Cipher\_raw_aes.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58282\pyexpat.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58282\_bz2.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58282\_asyncio.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Cipher\_pkcs1_decode.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Util\_cpuid_c.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Hash\_RIPEMD160.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Cipher\_raw_ecb.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Cipher\_raw_aesni.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58282\_ssl.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Hash\_BLAKE2s.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Cipher\_raw_des.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Cipher\_raw_eksblowfish.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58282\_ctypes.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58282\_lzma.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\PublicKey\_ed448.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Cipher\_raw_blowfish.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Hash\_MD5.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58282\_queue.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Hash\_keccak.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58282\cryptography\hazmat\bindings\_rust.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58282\multidict\_multidict.cp312-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58282\python312.dllJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58282\aiohttp\_websocket\reader_c.cp312-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58282\_sqlite3.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58282\yarl\_quoting_c.cp312-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Hash\_poly1305.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Hash\_BLAKE2b.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58282\_cffi_backend.cp312-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58282\aiohttp\_http_writer.cp312-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58282\frozenlist\_frozenlist.cp312-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58282\aiohttp\_http_parser.cp312-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Util\_strxor.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58282\_wmi.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Cipher\_raw_ofb.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Hash\_MD4.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58282\_decimal.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Cipher\_chacha20.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58282\select.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Math\_modexp.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58282\_socket.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Hash\_ghash_clmul.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58282\psutil\_psutil_windows.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\PublicKey\_ed25519.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Cipher\_Salsa20.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\PublicKey\_ec_ws.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58282\win32\win32api.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58282\_multiprocessing.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Cipher\_raw_cast.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Hash\_SHA384.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Cipher\_raw_arc2.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58282\propcache\_helpers_c.cp312-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Cipher\_raw_cbc.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Hash\_SHA224.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Hash\_MD2.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Hash\_SHA1.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\PublicKey\_curve25519.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Hash\_SHA512.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Hash\_SHA256.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58282\_overlapped.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58282\aiohttp\_websocket\mask.cp312-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58282\charset_normalizer\md__mypyc.cp312-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58282\_hashlib.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Cipher\_raw_des3.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Protocol\_scrypt.pydJump to dropped file
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_0-17350
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Architecture FROM Win32_Processor
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeFile Volume queried: \Device\CdRom0\ FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeCode function: 0_2_00007FF65ECC83B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00007FF65ECC83B0
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeCode function: 0_2_00007FF65ECC92F0 FindFirstFileExW,FindClose,0_2_00007FF65ECC92F0
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeCode function: 0_2_00007FF65ECE18E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF65ECE18E4
    Source: WVuXCNNYG0.exe, 00000000.00000003.2127997617.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, cacert.pem.0.drBinary or memory string: j2aTPs+9xYa9+bG3tD60B8jzljHz7aRP+KNOjSkVWLjVb3/ubCK1sK9IRQq9qEmU
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223316281.00000293602A0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: VMware
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223316281.00000293602A0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: dqemu-ga
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223316281.00000293602A0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: fvmwaretray
    Source: WVuXCNNYG0.exe, 00000002.00000003.2157320272.000002935FD31000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: vboxservice
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223316281.00000293602A0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: vmwareuser
    Source: WVuXCNNYG0.exe, 00000002.00000003.2157320272.000002935FD31000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: vmmouse.sysz
    Source: WVuXCNNYG0.exe, 00000002.00000003.2157320272.000002935FD31000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: vmwareuserz
    Source: WVuXCNNYG0.exe, 00000002.00000002.2221439503.000002935F376000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
    Source: WVuXCNNYG0.exe, 00000002.00000003.2157320272.000002935FD31000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: vmsrvc
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223316281.00000293602A0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: fvboxservice
    Source: WVuXCNNYG0.exe, 00000002.00000003.2157320272.000002935FD31000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: vmwaretray
    Source: WVuXCNNYG0.exe, 00000002.00000003.2157320272.000002935FD31000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware Tools
    Source: WVuXCNNYG0.exe, 00000002.00000003.2157320272.000002935FD31000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: vmhgfs.sysr
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223316281.00000293602A0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: fvboxtray
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223316281.00000293602A0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: fvmtoolsd
    Source: cacert.pem.0.drBinary or memory string: zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223316281.00000293602A0000.00000004.00001000.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000003.2157610499.000002935FD6B000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000003.2157320272.000002935FD31000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: vboxtray
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223316281.00000293602A0000.00000004.00001000.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000003.2157610499.000002935FD6B000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000003.2157320272.000002935FD31000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: qemu-ga
    Source: WVuXCNNYG0.exe, 00000002.00000003.2157320272.000002935FD31000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: vmware
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223316281.00000293602A0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: wfqemu
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223316281.00000293602A0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: 4fvmware
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223316281.00000293602A0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: fVMware
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223316281.00000293602A0000.00000004.00001000.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000003.2157610499.000002935FD6B000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000003.2157320272.000002935FD31000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: vmusrvc
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223316281.00000293602A0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: dvmhgfs.sys
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223316281.00000293602A0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: vmhgfs.sys
    Source: WVuXCNNYG0.exe, 00000002.00000003.2157320272.000002935FD31000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMwarez
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223316281.00000293602A0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: dVMware Tools
    Source: WVuXCNNYG0.exe, 00000002.00000003.2157320272.000002935FD31000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: vmtoolsd
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223316281.00000293602A0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: fvmwareuser
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223316281.00000293602A0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: Dfvmsrvc
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223316281.00000293602A0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: fvmusrvc
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223316281.00000293602A0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: vmmouse.sys
    Source: WVuXCNNYG0.exe, 00000002.00000002.2223316281.00000293602A0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: dvmmouse.sys
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeProcess information queried: ProcessInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeCode function: 0_2_00007FF65ECDA684 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF65ECDA684
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeCode function: 0_2_00007FF65ECE34F0 GetProcessHeap,0_2_00007FF65ECE34F0
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeProcess token adjusted: DebugJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeCode function: 0_2_00007FF65ECCC910 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF65ECCC910
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exe Code function: 0_2_00007FF65ECDA684 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF65ECDA684
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exe Code function: 0_2_00007FF65ECCD37C SetUnhandledExceptionFilter,0_2_00007FF65ECCD37C
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exe Code function: 0_2_00007FF65ECCD19C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF65ECCD19C
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exe Code function: 2_2_00007FF8A7FE1960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF8A7FE1960
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exe Code function: 2_2_00007FF8A7FE1390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF8A7FE1390
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exe Code function: 2_2_00007FF8A7FF1390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF8A7FF1390
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exe Code function: 2_2_00007FF8A7FF1960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF8A7FF1960
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exe Code function: 2_2_00007FF8A8001A80 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF8A8001A80
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exe Code function: 2_2_00007FF8A8001030 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF8A8001030
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exe Code function: 2_2_00007FF8A8021390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF8A8021390
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exe Code function: 2_2_00007FF8A8021960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF8A8021960
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exe Code function: 2_2_00007FF8A8031390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF8A8031390
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exe Code function: 2_2_00007FF8A8031960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF8A8031960
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exe Code function: 2_2_00007FF8A8041390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF8A8041390
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exe Code function: 2_2_00007FF8A8041960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF8A8041960
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exe Code function: 2_2_00007FF8A8051390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF8A8051390
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exe Code function: 2_2_00007FF8A8051960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF8A8051960
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exe Code function: 2_2_00007FF8A8061390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF8A8061390
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exe Code function: 2_2_00007FF8A8061960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF8A8061960
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exe Code function: 2_2_00007FF8A8071390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF8A8071390
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exe Code function: 2_2_00007FF8A8071960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF8A8071960
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exe Code function: 2_2_00007FF8A8081390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF8A8081390
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exe Code function: 2_2_00007FF8A8081960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF8A8081960
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exe Code function: 2_2_00007FF8A8091390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF8A8091390
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exe Code function: 2_2_00007FF8A8091960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF8A8091960
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exe Code function: 2_2_00007FF8A80A1390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF8A80A1390
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exe Code function: 2_2_00007FF8A80A1960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF8A80A1960
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exe Code function: 2_2_00007FF8A80CADB8 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF8A80CADB8
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exe Process created: C:\Users\user\Desktop\WVuXCNNYG0.exe "C:\Users\user\Desktop\WVuXCNNYG0.exe"
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exe Code function: 0_2_00007FF65ECE95E0 cpuid 0_2_00007FF65ECE95E0
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto VolumeInformation
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Cipher VolumeInformation
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Hash VolumeInformation
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\PublicKey VolumeInformation
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Util VolumeInformation
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58282\aiohttp VolumeInformation
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58282\aiohttp\_websocket VolumeInformation
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58282\attrs-24.2.0.dist-info VolumeInformation
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58282\certifi VolumeInformation
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58282\charset_normalizer VolumeInformation
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58282\cryptography-43.0.3.dist-info VolumeInformation
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58282\setuptools VolumeInformation
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58282\setuptools\_vendor VolumeInformation
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58282\setuptools\_vendor\importlib_metadata-8.0.0.dist-info VolumeInformation
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58282\setuptools\_vendor\wheel-0.43.0.dist-info VolumeInformation
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58282\base_library.zip VolumeInformation
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exe Queries volume information: C:\Users\user\Desktop\WVuXCNNYG0.exe VolumeInformation
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58282 VolumeInformation
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58282\_ctypes.pyd VolumeInformation
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58282\_bz2.pyd VolumeInformation
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\Desktop\WVuXCNNYG0.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\Desktop\WVuXCNNYG0.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58282\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58282\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\Desktop\WVuXCNNYG0.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\Desktop\WVuXCNNYG0.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58282\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58282\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\Desktop\WVuXCNNYG0.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58282 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58282\win32 VolumeInformation
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58282\pywin32_system32 VolumeInformation
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58282\_hashlib.pyd VolumeInformation
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58282\_wmi.pyd VolumeInformation
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58282\pyexpat.pyd VolumeInformation
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58282\setuptools\_vendor VolumeInformation
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58282\setuptools\_vendor\jaraco VolumeInformation
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58282\setuptools\_vendor\jaraco\text\Lorem ipsum.txt VolumeInformation
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58282\setuptools VolumeInformation
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58282\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58282\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58282\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58282\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58282 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58282\pywin32_system32 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58282\setuptools\_vendor VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\Desktop\WVuXCNNYG0.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\Desktop\WVuXCNNYG0.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\Desktop\WVuXCNNYG0.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58282 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\Desktop\WVuXCNNYG0.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\Desktop\WVuXCNNYG0.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58282 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\Desktop\WVuXCNNYG0.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58282 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\Desktop\WVuXCNNYG0.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\Desktop\WVuXCNNYG0.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\Desktop\WVuXCNNYG0.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\Desktop\WVuXCNNYG0.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\Desktop\WVuXCNNYG0.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\Desktop\WVuXCNNYG0.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58282 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58282\_asyncio.pyd VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\Desktop\WVuXCNNYG0.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\Desktop\WVuXCNNYG0.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\Desktop\WVuXCNNYG0.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\Desktop\WVuXCNNYG0.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\Desktop\WVuXCNNYG0.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\Desktop\WVuXCNNYG0.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\Desktop\WVuXCNNYG0.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\Desktop\WVuXCNNYG0.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\Desktop\WVuXCNNYG0.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\Desktop\WVuXCNNYG0.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\Desktop\WVuXCNNYG0.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\Desktop\WVuXCNNYG0.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\Desktop\WVuXCNNYG0.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\Desktop\WVuXCNNYG0.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\Desktop\WVuXCNNYG0.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\Desktop\WVuXCNNYG0.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\Desktop\WVuXCNNYG0.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\Desktop\WVuXCNNYG0.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\Desktop\WVuXCNNYG0.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58282 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58282\_overlapped.pyd VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\Desktop\WVuXCNNYG0.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\Desktop\WVuXCNNYG0.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\Desktop\WVuXCNNYG0.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\Desktop\WVuXCNNYG0.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\Desktop\WVuXCNNYG0.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58282 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58282 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58282\_sqlite3.pyd VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\Desktop\WVuXCNNYG0.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58282 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\Desktop\WVuXCNNYG0.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\Desktop\WVuXCNNYG0.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\Desktop\WVuXCNNYG0.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58282 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\Desktop\WVuXCNNYG0.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\Desktop\WVuXCNNYG0.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\Desktop\WVuXCNNYG0.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\Desktop\WVuXCNNYG0.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58282 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58282\win32 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58282\pywin32_system32 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58282\win32 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58282\pywin32_system32 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58282\setuptools\_vendor VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58282\win32 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58282\pywin32_system32 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI58282\setuptools\_vendor VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeQueries volume information: C:\Users\user\Desktop\WVuXCNNYG0.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeCode function: 0_2_00007FF65ECCD080 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF65ECCD080
    Source: C:\Users\user\Desktop\WVuXCNNYG0.exeCode function: 0_2_00007FF65ECE5C70 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,0_2_00007FF65ECE5C70

    Stealing of Sensitive Information

    Source: Yara match File source: Process Memory Space: WVuXCNNYG0.exe PID: 1020, type: MEMORYSTR

    Remote Access Functionality

    Source: Yara match File source: Process Memory Space: WVuXCNNYG0.exe PID: 1020, type: MEMORYSTR

    | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
    | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
    | Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 11 Windows Management Instrumentation | 1 DLL Side-Loading | 11 Process Injection | 1 Virtualization/Sandbox Evasion | OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
    | Credentials | Domains | Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 11 Process Injection | LSASS Memory | 31 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
    | Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 1 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
    | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | 1 Process Discovery | Distributed Component Object Model | Input Capture | 1 Application Layer Protocol | Traffic Duplication | Data Destruction |
    | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
    | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Steganography | Cached Domain Credentials | 24 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |

    | Source | Detection | Scanner | Label | Link |
    | --- | --- | --- | --- | --- |
    | WVuXCNNYG0.exe | 45% | ReversingLabs | Win64.Trojan.Generic | |
    No Antivirus matches
    No contacted domains info
                                                                                unknown
                                                                                https://catbox.moe/user/api.phpWVuXCNNYG0.exe, 00000002.00000002.2223316281.00000293602A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  https://docs.python.org/3/library/importlib.html#importlib.abc.ExecutionLoader.get_filenameWVuXCNNYG0.exe, 00000002.00000002.2221206067.000002935F010000.00000004.00001000.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000003.2147867585.000002935F35F000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000003.2147893056.000002935F356000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxyWVuXCNNYG0.exe, 00000002.00000002.2223467040.00000293604E0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    unknown
                                                                                    https://github.com/python-attrs/attrs/issues/1330)WVuXCNNYG0.exe, 00000000.00000003.2126892634.0000023CD8421000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2127019660.0000023CD8421000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2126923052.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drfalse
                                                                                      high
                                                                                      https://pypi.org/project/build/).WVuXCNNYG0.exe, 00000002.00000002.2223237169.00000293601A0000.00000004.00001000.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000002.2223072937.000002935FF80000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.3WVuXCNNYG0.exe, 00000002.00000002.2223744398.00000293608C1000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000002.2222776888.000002935FE3E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.2WVuXCNNYG0.exe, 00000002.00000002.2223744398.00000293608C1000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000002.2223538168.0000029360610000.00000004.00001000.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000002.2222776888.000002935FE3E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            https://wwww.certigna.fr/autorites/0mWVuXCNNYG0.exe, 00000002.00000002.2223659305.000002936078A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            • Avira URL Cloud: safe
                                                                                            unknown
                                                                                            https://github.com/pypa/wheelMETADATA2.0.drfalse
                                                                                              high
                                                                                              https://www.python.org/dev/peps/pep-0427/METADATA2.0.drfalse
                                                                                                high
                                                                                                https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/readerWVuXCNNYG0.exe, 00000002.00000003.2148030935.000002935F35A000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000003.2147867585.000002935F35F000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000002.2221439503.000002935F350000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000003.2147893056.000002935F356000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  https://instagram.comWVuXCNNYG0.exe, 00000002.00000002.2223316281.00000293602A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    https://github.com/python/cpython/issues/86361.WVuXCNNYG0.exe, 00000002.00000003.2152412130.000002935F603000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000002.2221708862.000002935F5DA000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000003.2151307504.000002935FAB0000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000003.2153493966.000002935F5DA000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000003.2151373997.000002935F718000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000003.2152107762.000002935F5DA000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000003.2155332830.000002935F5DA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      http://mail.python.org/pipermail/python-dev/2012-June/120787.html.WVuXCNNYG0.exe, 00000002.00000002.2224628373.00000293610B0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://httpbin.org/WVuXCNNYG0.exe, 00000002.00000002.2222553286.000002935FBF4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://www.apache.org/licenses/LICENSE.APACHE.0.drfalse
                                                                                                            high
                                                                                                            https://cryptography.io/en/latest/faq/#why-can-t-i-import-my-pem-fileWVuXCNNYG0.exe, 00000002.00000002.2225994360.00007FF8A741A000.00000002.00000001.01000000.00000029.sdmpfalse
                                                                                                            • Avira URL Cloud: safe
                                                                                                            unknown
                                                                                                            https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.exec_moduleWVuXCNNYG0.exe, 00000002.00000002.2221349855.000002935F250000.00000004.00001000.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000003.2147867585.000002935F35F000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000003.2147893056.000002935F356000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://docs.python.org/3/library/importlib.html#importlib.abc.MetaPathFinder.invalidate_cachesWVuXCNNYG0.exe, 00000002.00000002.2221349855.000002935F250000.00000004.00001000.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000003.2147867585.000002935F35F000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000003.2147893056.000002935F356000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://filepreviews.io/WVuXCNNYG0.exe, 00000000.00000003.2127291721.0000023CD8418000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2126892634.0000023CD841A000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2126923052.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2127076686.0000023CD8416000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2127193224.0000023CD8418000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                unknown
                                                                                                                https://twitch.tvWVuXCNNYG0.exe, 00000002.00000002.2223316281.00000293602A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://www.attrs.org/en/stable/why.html#data-classes)WVuXCNNYG0.exe, 00000000.00000003.2126892634.0000023CD8421000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2127019660.0000023CD8421000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2126923052.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drfalse
                                                                                                                  • Avira URL Cloud: safe
                                                                                                                  unknown
                                                                                                                  https://img.shields.io/badge/skeleton-2024-informationalMETADATA.0.drfalse
                                                                                                                    high
                                                                                                                    https://packaging.python.org/en/latest/specifications/pyproject-toml/#declaring-project-metadata-theWVuXCNNYG0.exe, 00000002.00000002.2222553286.000002935FBF4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535WVuXCNNYG0.exe, 00000002.00000002.2222553286.000002935FBF4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://github.com/pypa/setuptools/issues/417#issuecomment-392298401WVuXCNNYG0.exe, 00000002.00000002.2223072937.000002935FF80000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          http://crl.securetrust.com/STCA.crlWVuXCNNYG0.exe, 00000002.00000002.2222776888.000002935FD89000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0WVuXCNNYG0.exe, 00000002.00000002.2223659305.000002936078A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              http://tools.ietf.org/html/rfc6125#section-6.4.3WVuXCNNYG0.exe, 00000002.00000002.2223467040.00000293604E0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://www.attrs.org/en/stable/changelog.htmlWVuXCNNYG0.exe, 00000000.00000003.2126923052.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drfalse
                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                unknown
                                                                                                                                https://discord.com/api/v6/guilds/WVuXCNNYG0.exe, 00000002.00000002.2223316281.00000293602A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  http://ip-api.com/jsonrWVuXCNNYG0.exe, 00000002.00000003.2157320272.000002935FD31000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://www.variomedia.de/WVuXCNNYG0.exe, 00000000.00000003.2126892634.0000023CD841A000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2126923052.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drfalse
                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                    unknown
                                                                                                                                    http://www.cert.fnmt.es/dpcs/WVuXCNNYG0.exe, 00000002.00000002.2221708862.000002935F5DA000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000002.2223659305.000002936078A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://google.com/mailWVuXCNNYG0.exe, 00000002.00000002.2222776888.000002935FCEC000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000002.2222553286.000002935FBF4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://img.shields.io/pypi/v/importlib_metadata.svgMETADATA.0.drfalse
                                                                                                                                          high
                                                                                                                                          https://github.com/jaraco/jaraco.functools/issues/5WVuXCNNYG0.exe, 00000002.00000003.2153493966.000002935F584000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000002.2222929132.000002935FE80000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            http://www.accv.es00WVuXCNNYG0.exe, 00000002.00000002.2223659305.000002936078A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                            unknown
                                                                                                                                            http://www.rfc-editor.org/info/rfc7253WVuXCNNYG0.exe, 00000002.00000002.2224164340.0000029360A83000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000002.2223611473.000002936071A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://github.com/pyca/cryptography/issuesWVuXCNNYG0.exe, 00000002.00000002.2225994360.00007FF8A741A000.00000002.00000001.01000000.00000029.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.WVuXCNNYG0.exe, 00000002.00000002.2222553286.000002935FBF4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://www.attrs.org/METADATA0.0.drfalse
                                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                                  unknown
                                                                                                                                                  https://mahler:8092/site-updates.pyWVuXCNNYG0.exe, 00000002.00000002.2222458754.000002935FA60000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000003.2155184034.000002935FA94000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000003.2155016679.000002935FB7B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://tools.ietf.org/html/rfc7231#section-4.3.6)WVuXCNNYG0.exe, 00000002.00000002.2221708862.000002935F5DA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      http://ocsp.accv.esoWVuXCNNYG0.exe, 00000002.00000002.2223659305.000002936078A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                                      unknown
                                                                                                                                                      https://discord.gg/WVuXCNNYG0.exe, 00000002.00000002.2223316281.00000293602A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        http://ip-api.com/jsonWVuXCNNYG0.exe, 00000002.00000002.2223316281.00000293602A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://www.attrs.org/en/latest/glossary.html#term-dunder-methods)).WVuXCNNYG0.exe, 00000000.00000003.2126892634.0000023CD841A000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000000.00000003.2126923052.0000023CD8413000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drfalse
                                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                                          unknown
                                                                                                                                                          https://127.0.0.1:8443WVuXCNNYG0.exe, 00000002.00000002.2223744398.00000293608C1000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000002.2223538168.0000029360610000.00000004.00001000.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000002.2222776888.000002935FE3E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            http://www.firmaprofesional.com/cps0WVuXCNNYG0.exe, 00000002.00000002.2222553286.000002935FB96000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000002.2221439503.000002935F350000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                                            unknown
                                                                                                                                                            https://docs.python.org/3/library/importlib.html#importlib.abc.PathEntryFinder.find_specWVuXCNNYG0.exe, 00000002.00000003.2147867585.000002935F35F000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000003.2147893056.000002935F356000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000002.2221206067.000002935F08C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://github.com/urllib3/urllib3/issues/2920WVuXCNNYG0.exe, 00000002.00000002.2223393659.00000293603A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                http://crl.securetrust.com/SGCA.crl0WVuXCNNYG0.exe, 00000002.00000002.2222776888.000002935FCEC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://docs.python.org/3/library/importlib.html#importlib.abc.ResourceLoader.get_dataWVuXCNNYG0.exe, 00000002.00000002.2221089086.000002935D7F2000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000003.2149384287.000002935D845000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000003.2149121381.000002935D84C000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000003.2149356711.000002935D834000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000003.2149565724.000002935D83F000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000003.2149590189.000002935D84B000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000003.2147867585.000002935F35F000.00000004.00000020.00020000.00000000.sdmp, WVuXCNNYG0.exe, 00000002.00000003.2147893056.000002935F356000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://friends.roblox.com/v1/users/WVuXCNNYG0.exe, 00000002.00000002.2223316281.00000293602A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://twitter.com/i/api/1.1/account/update_profile.jsoncWVuXCNNYG0.exe, 00000002.00000002.2223316281.00000293602A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://www.spotify.com/api/account-settings/v1/profileWVuXCNNYG0.exe, 00000002.00000002.2223316281.00000293602A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://github.com/python/importlib_metadata/actions?query=workflow%3A%22tests%22METADATA.0.drfalse
                                                                                                                                                                            high
                                                                                                                                                                            http://cacerts.digicert.coWVuXCNNYG0.exe, 00000000.00000003.2124635387.0000023CD8413000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                                                            unknown
IP | Domain | Country | ASN | ASN Name | Malicious
163.5.242.208 | unknown | France | 56339 | EPITECHFR | false
                                                                                                                                                                            IP
                                                                                                                                                                            127.0.0.1
                                                                                                                                                                            Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                            Analysis ID:1570260
                                                                                                                                                                            Start date and time:2024-12-06 17:45:27 +01:00
                                                                                                                                                                            Joe Sandbox product:CloudBasic
                                                                                                                                                                            Overall analysis duration:0h 7m 50s
                                                                                                                                                                            Hypervisor based Inspection enabled:false
                                                                                                                                                                            Report type:full
                                                                                                                                                                            Cookbook file name:default.jbs
                                                                                                                                                                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                            Number of analysed new started processes analysed:5
                                                                                                                                                                            Number of new started drivers analysed:0
                                                                                                                                                                            Number of existing processes analysed:0
                                                                                                                                                                            Number of existing drivers analysed:0
                                                                                                                                                                            Number of injected processes analysed:0
                                                                                                                                                                            Technologies:
                                                                                                                                                                            • HCA enabled
                                                                                                                                                                            • EGA enabled
                                                                                                                                                                            • AMSI enabled
                                                                                                                                                                            Analysis Mode:default
                                                                                                                                                                            Analysis stop reason:Timeout
                                                                                                                                                                            Sample name:WVuXCNNYG0.exe
                                                                                                                                                                            renamed because original name is a hash value
                                                                                                                                                                            Original Sample Name:5b0d552a08e6eb471f4e487850e9cb67.exe
                                                                                                                                                                            Detection:MAL
                                                                                                                                                                            Classification:mal56.troj.winEXE@3/109@0/2
                                                                                                                                                                            EGA Information:
                                                                                                                                                                            • Successful, ratio: 50%
                                                                                                                                                                            HCA Information:
                                                                                                                                                                            • Successful, ratio: 57%
                                                                                                                                                                            • Number of executed functions: 40
                                                                                                                                                                            • Number of non-executed functions: 140
                                                                                                                                                                            Cookbook Comments:
                                                                                                                                                                            • Found application associated with file extension: .exe
                                                                                                                                                                            • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                                                                                                                                            • Excluded domains from analysis (whitelisted): ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                            • Execution Graph export aborted for target WVuXCNNYG0.exe, PID 1020 because there are no executed function
                                                                                                                                                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                            • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                            • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
                                                                                                                                                                            • VT rate limit hit for: WVuXCNNYG0.exe
                                                                                                                                                                            No simulations
Match | Associated Sample Name / URL | Detection | Threat Name | Context
163.5.242.208 | dipwo1iToJ.exe | malicious | Python Stealer | 163.5.242.208/7236785358_chat.txt
                                                                                                                                                                            No context
Match | Associated Sample Name / URL | Detection | Threat Name | Context
EPITECHFR | dipwo1iToJ.exe | malicious | Python Stealer | 163.5.242.208
EPITECHFR | 105vjMVwfJ.dll | malicious | CobaltStrike | 163.5.169.26
EPITECHFR | 7RDTQuL8WF.exe | malicious | CobaltStrike | 163.5.169.26
EPITECHFR | botx.spc.elf | malicious | Mirai | 163.5.176.64
EPITECHFR | spc.elf | malicious | Mirai | 163.5.130.180
EPITECHFR | m68k.elf | malicious | Mirai | 163.5.176.71
EPITECHFR | sora.sh4.elf | malicious | Mirai | 163.5.152.99
EPITECHFR | SecuriteInfo.com.Win32.MalwareX-gen.20028.17631.exe | malicious | AsyncRAT | 163.5.160.86
EPITECHFR | jNA5BK2z12.exe | malicious | AsyncRAT | 163.5.160.86
EPITECHFR | la.bot.m68k.elf | malicious | Unknown | 163.5.63.254
                                                                                                                                                                            No context
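Match | Associated Sample Name / URL | Detection | Threat Name
C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Cipher\_ARC4.pyd | dipwo1iToJ.exe | malicious | Python Stealer
C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Cipher\_ARC4.pyd | ROh2ijuEpr.exe | malicious | Babuk, Conti
C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Cipher\_ARC4.pyd | zed.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Cipher\_ARC4.pyd | back.ps1 | malicious | Unknown
C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Cipher\_ARC4.pyd | zed.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Cipher\_ARC4.pyd | file.exe | malicious | Python Stealer, Amadey, LummaC Stealer, Nymaim, Stealc
C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Cipher\_ARC4.pyd | file.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Cipher\_ARC4.pyd | file.exe | malicious | Amadey, Cryptbot
C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Cipher\_ARC4.pyd | file.exe | malicious | Amadey, XWorm
C:\Users\user\AppData\Local\Temp\_MEI58282\Crypto\Cipher\_ARC4.pyd | file.exe | malicious | Unknown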
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):11264
                                                                                                                                                                                                Entropy (8bit):4.640339306680604
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:dLklddyTHThob0q/tJRrlDfNYSOcqgYCWt:ZgcdZq/JJD6gRWt
                                                                                                                                                                                                MD5:BCD8CAAF9342AB891BB1D8DD45EF0098
                                                                                                                                                                                                SHA1:EE7760BA0FF2548F25D764F000EFBB1332BE6D3E
                                                                                                                                                                                                SHA-256:78725D2F55B7400A3FCAFECD35AF7AEB253FBC0FFCDF1903016EB0AABD1B4E50
                                                                                                                                                                                                SHA-512:8B6FB53AECB514769985EBFDAB1B3C739024597D9C35905E04971D5422256546F7F169BF98F9BAF7D9F42A61CFF3EE7A20664989D3000773BF5EDA10CB3A0C24
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Joe Sandbox View:
                                                                                                                                                                                                • Filename: dipwo1iToJ.exe, Detection: malicious, Browse
                                                                                                                                                                                                • Filename: ROh2ijuEpr.exe, Detection: malicious, Browse
                                                                                                                                                                                                • Filename: zed.exe, Detection: malicious, Browse
                                                                                                                                                                                                • Filename: back.ps1, Detection: malicious, Browse
                                                                                                                                                                                                • Filename: zed.exe, Detection: malicious, Browse
                                                                                                                                                                                                • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                Reputation:moderate, very likely benign file
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):13824
                                                                                                                                                                                                Entropy (8bit):5.0194545642425075
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:4t/1nCuqaL0kt7AznuRmceS4lDFhAlcqgcLg:F/k1ACln4lDogcLg
                                                                                                                                                                                                MD5:F19CB847E567A31FAB97435536C7B783
                                                                                                                                                                                                SHA1:4C8BFE404AF28C1781740E7767619A5E2D2FF2B7
                                                                                                                                                                                                SHA-256:1ECE1DC94471D6977DBE2CEEBA3764ADF0625E2203D6257F7C781C619D2A3DAD
                                                                                                                                                                                                SHA-512:382DC205F703FC3E1F072F17F58E321E1A65B86BE7D9D6B07F24A02A156308A7FEC9B1A621BA1F3428FD6BB413D14AE9ECB2A2C8DD62A7659776CFFDEBB6374C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Reputation:moderate, very likely benign file
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):13312
                                                                                                                                                                                                Entropy (8bit):5.037456384995606
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:st/1nCuqaL0ktPMn1ENe3erKr5br0YbsiDw6a9lkOcqgRGd:p/kpMIodrXbsiDS95gRGd
                                                                                                                                                                                                MD5:DC14677EA8A8C933CC41F9CCF2BEDDC1
                                                                                                                                                                                                SHA1:A6FB87E8F3540743097A467ABE0723247FDAF469
                                                                                                                                                                                                SHA-256:68F081E96AE08617CF111B21EDED35C1774A5EF1223DF9A161C9445A78F25C73
                                                                                                                                                                                                SHA-512:3ABA4CFCBBE4B350AB3230D488BD75186427E3AAAF38D19E0E1C7330F16795AD77FB6E26FF39AF29EAF4F5E8C42118CB680F90AFBFCA218AEDA64DC444675BA2
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Reputation:moderate, very likely benign file
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):14336
                                                                                                                                                                                                Entropy (8bit):5.09191874780435
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:rMVsiXeqVb0lIb0Pj5Jdfpm68WZDInU282tacqgYLg:rM7ali0Pj5JxCaDuUlgYLg
                                                                                                                                                                                                MD5:C09BB8A30F0F733C81C5C5A3DAD8D76D
                                                                                                                                                                                                SHA1:46FD3BA87A32D12F4EE14601D1AD73B78EDC81D1
                                                                                                                                                                                                SHA-256:8A1B751DB47CE7B1D3BD10BEBFFC7442BE4CFB398E96E3B1FF7FB83C88A8953D
                                                                                                                                                                                                SHA-512:691AC74FAE930E9CEABE782567EFB99C50DD9B8AD607DD7F99A5C7DF2FA2BEB7EDFE2EBB7095A72DA0AE24E688FBABD340EAE8B646D5B8C394FEE8DDD5E60D31
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Reputation:moderate, very likely benign file
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):36352
                                                                                                                                                                                                Entropy (8bit):6.541423493519083
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:f/UlZA5PUEllvxL/7v/iKBt5ByU0xGitqzSEkxGG7+tpKHb/LZ7fr52EkifcMxme:klcR7JriEbwDaS4j990th9VDBV
                                                                                                                                                                                                MD5:0AB25F99CDAACA6B11F2ECBE8223CAD5
                                                                                                                                                                                                SHA1:7A881B3F84EF39D97A31283DE6D7B7AE85C8BAE6
                                                                                                                                                                                                SHA-256:6CE8A60D1AB5ADC186E23E3DE864D7ADF6BDD37E3B0C591FA910763C5C26AF60
                                                                                                                                                                                                SHA-512:11E89EEF34398DF3B144A0303E08B3A4CAF41A9A8CA618C18135F561731F285F8CF821D81179C2C45F6EEB0E496D9DD3ECF6FF202A3C453C80AFEF8582D06C17
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):15360
                                                                                                                                                                                                Entropy (8bit):5.367749645917753
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:YiJBj5fq/Rk0kPLhOZ3UucCWuSKPEkA2bD9JXx03cqg5YUMLgs:/k1kTMZEjCWNaA2DTx0g5YUMLg
                                                                                                                                                                                                MD5:B6EA675C3A35CD6400A7ECF2FB9530D1
                                                                                                                                                                                                SHA1:0E41751AA48108D7924B0A70A86031DDE799D7D6
                                                                                                                                                                                                SHA-256:76EF4C1759B5553550AB652B84F8E158BA8F34F29FD090393815F06A1C1DC59D
                                                                                                                                                                                                SHA-512:E31FD33E1ED6D4DA3957320250282CFD9EB3A64F12DE4BD2DFE3410F66725164D96B27CAA34C501D1A535A5A2442D5F070650FD3014B4B92624EE00F1C3F3197
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):16384
                                                                                                                                                                                                Entropy (8bit):5.41148259289073
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:w3d9FkHaz0EJvrj+CYuz7ucc9dG7otDr22KcqgOiewZjW:YkHEJzj+X6769lDzagO/w
                                                                                                                                                                                                MD5:F14E1AA2590D621BE8C10321B2C43132
                                                                                                                                                                                                SHA1:FD84D11619DFFDF82C563E45B48F82099D9E3130
                                                                                                                                                                                                SHA-256:FCE70B3DAFB39C6A4DB85D2D662CB9EB9C4861AA648AD7436E7F65663345D177
                                                                                                                                                                                                SHA-512:A86B9DF163007277D26F2F732ECAB9DBCA8E860F8B5809784F46702D4CEA198824FDEF6AB98BA7DDC281E8791C10EABA002ABDA6F975323B36D5967E0443C1E4
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):20992
                                                                                                                                                                                                Entropy (8bit):6.041302713678401
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:kUX0JfbRz5MLZA0nmwzMDYpJgLa0Mp8NDBcxgprAM:6NbRzWXwDqgLa1uBfP
                                                                                                                                                                                                MD5:B127CAE435AEB8A2A37D2A1BC1C27282
                                                                                                                                                                                                SHA1:2A7BF8BF7F24B2381370BA6B41FB640EE42BDCCD
                                                                                                                                                                                                SHA-256:538B1253B5929254ED92129FA0957DB26CDDF34A8372BA0BF19D20D01549ADA3
                                                                                                                                                                                                SHA-512:4FE027E46D5132CA63973C67BD5394F2AC74DD4BBCFE93CB16136FAB4B6BF67BECB5A0D4CA359FF9426DA63CA81F793BBF1B79C8A9D8372C53DCB5796D17367E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):24576
                                                                                                                                                                                                Entropy (8bit):6.530656045206549
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:cEDwUBi9SPu71omZXmrfXA+UA10ol31tuXVYdAgYj:FsUBXmoEXmrXA+NNxWFYfo
                                                                                                                                                                                                MD5:2E15AA6F97ED618A3236CFA920988142
                                                                                                                                                                                                SHA1:A9D556D54519D3E91FA19A936ED291A33C0D1141
                                                                                                                                                                                                SHA-256:516C5EA47A7B9A166F2226ECBA79075F1A35EFFF14D87E00006B34496173BB78
                                                                                                                                                                                                SHA-512:A6C75C4A285753CC94E45500E8DD6B6C7574FB7F610FF65667F1BEC8D8B413FC10514B7D62F196C2B8D017C308C5E19E2AEF918021FA81D0CB3D8CED37D8549A
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):12288
                                                                                                                                                                                                Entropy (8bit):4.7080156150187396
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:lF/1n7Guqaj0ktfEJwX1fYwCODR3lncqg0Gd6l:RGXkJEm1feODxDg0Gd6
                                                                                                                                                                                                MD5:40390F2113DC2A9D6CFAE7127F6BA329
                                                                                                                                                                                                SHA1:9C886C33A20B3F76B37AA9B10A6954F3C8981772
                                                                                                                                                                                                SHA-256:6BA9C910F755885E4D356C798A4DD32D2803EA4CFABB3D56165B3017D0491AE2
                                                                                                                                                                                                SHA-512:617B963816838D649C212C5021D7D0C58839A85D4D33BBAF72C0EC6ECD98B609080E9E57AF06FA558FF302660619BE57CC974282826AB9F21AE0D80FBAA831A1
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):12800
                                                                                                                                                                                                Entropy (8bit):5.159963979391524
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:kblRgfeqfz0RP767fB4A84DgVD6eDcqgzbkLgmf:BwRj67p84Dg6eVgzbkLgmf
                                                                                                                                                                                                MD5:899895C0ED6830C4C9A3328CC7DF95B6
                                                                                                                                                                                                SHA1:C02F14EBDA8B631195068266BA20E03210ABEABC
                                                                                                                                                                                                SHA-256:18D568C7BE3E04F4E6026D12B09B1FA3FAE50FF29AC3DEAF861F3C181653E691
                                                                                                                                                                                                SHA-512:0B4C50E40AF92BC9589668E13DF417244274F46F5A66E1FC7D1D59BC281969BA319305BECEA119385F01CC4603439E4B37AFA2CF90645425210848A02839E3E7
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):14848
                                                                                                                                                                                                Entropy (8bit):5.270418334522813
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:vktJ1gifqQGRk0IP73AdXdmEEEEEm9uhiFEQayDZVMcqgnF6+6Lg:vkdU1ID3AdXd49urQPDggnUjLg
                                                                                                                                                                                                MD5:C4C525B081F8A0927091178F5F2EE103
                                                                                                                                                                                                SHA1:A1F17B5EA430ADE174D02ECC0B3CB79DBF619900
                                                                                                                                                                                                SHA-256:4D86A90B2E20CDE099D6122C49A72BAE081F60EB2EEA0F76E740BE6C41DA6749
                                                                                                                                                                                                SHA-512:7C06E3E6261427BC6E654B2B53518C7EAA5F860A47AE8E80DC3F8F0FED91E122CB2D4632188DC44123FB759749B5425F426CD1153A8F84485EF0491002B26555
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):56832
                                                                                                                                                                                                Entropy (8bit):4.231032526864278
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:0qcmHBeNL1dO/qHkpnYcZiGKdZHDLY84vnKAnK2rZA21agVF:fEiqHHx4vZDV
                                                                                                                                                                                                MD5:F9E266F763175B8F6FD4154275F8E2F0
                                                                                                                                                                                                SHA1:8BE457700D58356BC2FA7390940611709A0E5473
                                                                                                                                                                                                SHA-256:14D2799BE604CBDC668FDE8834A896EEE69DAE0E0D43B37289FCCBA35CEF29EC
                                                                                                                                                                                                SHA-512:EB3E37A3C3FF8A65DEF6FA20941C8672A8197A41977E35AE2DC6551B5587B84C2703758320559F2C93C0531AD5C9D0F6C36EC5037669DC5CE78EB3367D89877B
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):57344
                                                                                                                                                                                                Entropy (8bit):4.252429732285762
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:J4cmHBeIzNweVy/CHkRnYcZiGKdZHDLq80vnKAnKBrZGsURygUX:GEO6CHnX0vZb7
                                                                                                                                                                                                MD5:DECF524B2D53FCD7D4FA726F00B3E5FC
                                                                                                                                                                                                SHA1:E87C6ED4004F2772B888C5B5758AA75FE99D2F6F
                                                                                                                                                                                                SHA-256:58F7053EE70467D3384C73F299C0DFD63EEF9744D61D1980D9D2518974CA92D4
                                                                                                                                                                                                SHA-512:EAFF4FD80843743E61CE635FBADF4E5D9CF2C3E97F3C48350BD9E755F4423AC6867F9FE8746BD5C54E1402B18E8A55AEEF7ACA098C7CF4186DC4C1235EB35DF2
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10240
                                                                                                                                                                                                Entropy (8bit):4.690163963718492
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:Yddz2KTnThIz0qfteRY4zp+D3PLui8p1cqgHCWt:k2E9RqfCXp+D3juRpLgiWt
                                                                                                                                                                                                MD5:80BB1E0E06ACAF03A0B1D4EF30D14BE7
                                                                                                                                                                                                SHA1:B20CAC0D2F3CD803D98A2E8A25FBF65884B0B619
                                                                                                                                                                                                SHA-256:5D1C2C60C4E571B88F27D4AE7D22494BED57D5EC91939E5716AFA3EA7F6871F6
                                                                                                                                                                                                SHA-512:2A13AB6715B818AD62267AB51E55CD54714AEBF21EC9EA61C2AEFD56017DC84A6B360D024F8682A2E105582B9C5FE892ECEBD2BEF8A492279B19FFD84BC83FA5
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):22016
                                                                                                                                                                                                Entropy (8bit):6.1215844022564285
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:nUX0JfbRwUtPMbNv37t6K5jwbDEpJgLa0Mp8xCkgJrAm:jNbRw8EbxwKBwbD+gLa1nh
                                                                                                                                                                                                MD5:3727271FE04ECB6D5E49E936095E95BC
                                                                                                                                                                                                SHA1:46182698689A849A8C210A8BF571D5F574C6F5B1
                                                                                                                                                                                                SHA-256:3AF5B35DCD5A3B6C7E88CEE53F355AAFFF40F2C21DABD4DE27DBB57D1A29B63B
                                                                                                                                                                                                SHA-512:5BED1F4DF678FE90B8E3F1B7C4F68198463E579209B079CB4A40DCAC01CE26AA2417DBE029B196F6F2C6AFAD560E2D1AF9F089ABE37EAD121CA10EE69D9659ED
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):17920
                                                                                                                                                                                                Entropy (8bit):5.293810509074883
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:4PHoDUntQjNB+/yw/pogeXOvXoTezczOo3p9iJgDQ3iNgnVbwhA:dUOhBcDRogeXOfoTezcio3pUJgDQ3i+
                                                                                                                                                                                                MD5:78AEF441C9152A17DD4DC40C7CC9DF69
                                                                                                                                                                                                SHA1:6BB6F8426AFA6522E647DFC82B1B64FAF3A9781F
                                                                                                                                                                                                SHA-256:56E4E4B156295F1AAA22ECB5481841DE2A9EB84845A16E12A7C18C7C3B05B707
                                                                                                                                                                                                SHA-512:27B27E77BE81B29D42359FE28531225383860BCD19A79044090C4EA58D9F98009A254BF63585979C60B3134D47B8233941ABB354A291F23C8641A4961FA33107
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):11776
                                                                                                                                                                                                Entropy (8bit):4.862619033406922
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:0Ga+F/1NtJ9t4udqaj01rlALnNNJSS2sP+YEdMN+F9FdKaWDULk+VOmWbucX6gR7:PF/1n7Guqaj0ktfEON+bMDUlJcqg0Gd
                                                                                                                                                                                                MD5:19E0ABF76B274C12FF624A16713F4999
                                                                                                                                                                                                SHA1:A4B370F556B925F7126BF87F70263D1705C3A0DB
                                                                                                                                                                                                SHA-256:D9FDA05AE16C5387AB46DC728C6EDCE6A3D0A9E1ABDD7ACB8B32FC2A17BE6F13
                                                                                                                                                                                                SHA-512:D03033EA5CF37641FBD802EBEB5019CAEF33C9A78E01519FEA88F87E773DCA92C80B74BA80429B530694DAD0BFA3F043A7104234C7C961E18D48019D90277C8E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):14336
                                                                                                                                                                                                Entropy (8bit):5.227045547076371
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:saF/1n7Guqaj0ktrE8o2o+V2rQnjt1wmg9jtveDn4clG6VcqgOvgdd:swGXkFE8Zo+AojO9jZeDf5rgOvgz
                                                                                                                                                                                                MD5:309D6F6B0DD022EBD9214F445CAC7BB9
                                                                                                                                                                                                SHA1:ABD22690B7AD77782CFC0D2393D0C038E16070B0
                                                                                                                                                                                                SHA-256:4FBE188C20FB578D4B66349D50AA6FFE4AB86844FB6427C57738F36780D1E2E2
                                                                                                                                                                                                SHA-512:D1951FE92F83E7774E8E877815BED6E6216D56EF18B7F1C369D678CB6E1814243659E9FA7ABC0D22FB5B34A9D50A51D5A89BA00AE1FDD32157FD0FF9902FB4B7
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):13824
                                                                                                                                                                                                Entropy (8bit):5.176369829782773
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:rF/1n7Guqaj0ktrESsrUW+SBjsK5tcQmEreD2mf1AoxkVcqgOvgXQ:rGXkFE/UW575tA2eDp1Ao2rgOvgX
                                                                                                                                                                                                MD5:D54FEB9A270B212B0CCB1937C660678A
                                                                                                                                                                                                SHA1:224259E5B684C7AC8D79464E51503D302390C5C9
                                                                                                                                                                                                SHA-256:032B83F1003A796465255D9B246050A196488BAC1260F628913E536314AFDED4
                                                                                                                                                                                                SHA-512:29955A6569CA6D039B35BB40C56AEEB75FC765600525D0B469F72C97945970A428951BAB4AF9CD21B3161D5BBA932F853778E2674CA83B14F7ABA009FA53566F
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):14336
                                                                                                                                                                                                Entropy (8bit):5.047563322651927
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:6alCvH32p3/2pnEhKnLg9yH8puzoFaPERIQAvHD9CIg5kP:5CvHmp3OpnEhmLg9yH8puzoFaPERIQgI
                                                                                                                                                                                                MD5:52DCD4151A9177CF685BE4DF48EA9606
                                                                                                                                                                                                SHA1:F444A4A5CBAE9422B408420115F0D3FF973C9705
                                                                                                                                                                                                SHA-256:D54375DC0652358A6E4E744F1A0EAEEAD87ACCD391A20D6FF324FE14E988A122
                                                                                                                                                                                                SHA-512:64C54B89F2637759309ECC6655831C3A6755924ED70CBC51614061542EB9BA9A8AECF6951EB3AB92447247DC4D7D846C88F4957DBBE4484A9AB934343EE27178
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):13824
                                                                                                                                                                                                Entropy (8bit):5.09893680790018
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:xsiXeqVb0lwbH4P01sAD7I/9hAkwDWzBEbcqgqLg:valqH4M1sAD7KvpwDFtgqLg
                                                                                                                                                                                                MD5:F929B1A3997427191E07CF52AC883054
                                                                                                                                                                                                SHA1:C5EA5B68586C2FB09E5FDD20D4DD616D06F5CBA6
                                                                                                                                                                                                SHA-256:5386908173074FABD95BF269A9DF0A4E1B21C0576923186F449ABF4A820F6A8E
                                                                                                                                                                                                SHA-512:2C79DBCE2C21214D979AB86DD989D41A3AFA7FCB7F3B79BA9974E2EE8F832DD7CA20C1C87C0C380DB037D776FE6D0851D60AD55A08AFDE0003B7E59214DD2F3B
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):15360
                                                                                                                                                                                                Entropy (8bit):5.451865349855574
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:KfwogDHER1wuiDSyoGTgDZOviNgEPrLg:ugDHELwuiDScTgDwi+EP
                                                                                                                                                                                                MD5:1FA5E257A85D16E916E9C22984412871
                                                                                                                                                                                                SHA1:1AC8EE98AD0A715A1B40AD25D2E8007CDC19871F
                                                                                                                                                                                                SHA-256:D87A9B7CAD4C451D916B399B19298DC46AAACC085833C0793092641C00334B8E
                                                                                                                                                                                                SHA-512:E4205355B647C6E28B7E4722328F51DC2EB3A109E9D9B90F7C53D7A80A5A4B10E40ABDDAB1BA151E73EF3EB56941F843535663F42DCE264830E6E17BB659EADF
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):13824
                                                                                                                                                                                                Entropy (8bit):5.104245335186531
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:3F/1n7Guqaj0kt7/Ev9kt0Qwac6QzD8iD0QocqgI4G0S:nGXkd/EvGt9wacNDvAgI4v
                                                                                                                                                                                                MD5:FAD578A026F280C1AE6F787B1FA30129
                                                                                                                                                                                                SHA1:9A3E93818A104314E172A304C3D117B6A66BEB55
                                                                                                                                                                                                SHA-256:74A1FF0801F4704158684267CD8E123F83FB6334FE522C1890AC4A0926F80AB1
                                                                                                                                                                                                SHA-512:ACF8F5B382F3B4C07386505BBDCAF625D13BCC10AA93ED641833E3548261B0AD1063E2F59BE2FCD2AFAF3D315CB3FC5EB629CEFC168B33CFD65A3A6F1120F7FF
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):17920
                                                                                                                                                                                                Entropy (8bit):5.671305741258107
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:APHoDUntQj0sKhDOJ+0QPSfu6rofDjiZzgE+kbwb:VUOYsKNO466DjoUE+
                                                                                                                                                                                                MD5:556E6D0E5F8E4DA74C2780481105D543
                                                                                                                                                                                                SHA1:7A49CDEF738E9FE9CD6CD62B0F74EAD1A1774A33
                                                                                                                                                                                                SHA-256:247B0885CF83375211861F37B6DD1376AED5131D621EE0137A60FE7910E40F8B
                                                                                                                                                                                                SHA-512:28FA0CE6BDBCC5E95B80AADC284C12658EF0C2BE63421AF5627776A55050EE0EA0345E30A15B744FC2B2F5B1B1BBB61E4881F27F6E3E863EBAAEED1073F4CDA1
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):21504
                                                                                                                                                                                                Entropy (8bit):5.878701941774916
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:EJWo4IRCGHX1KXqHGcvYHp5RYcARQOj4MSTjqgPmJD1OhgkxEv:EcIRnHX1P/YtswvaD1Rk
                                                                                                                                                                                                MD5:2F2655A7BBFE08D43013EDDA27E77904
                                                                                                                                                                                                SHA1:33D51B6C423E094BE3E34E5621E175329A0C0914
                                                                                                                                                                                                SHA-256:C734ABBD95EC120CB315C43021C0E1EB1BF2295AF9F1C24587334C3FCE4A5BE1
                                                                                                                                                                                                SHA-512:8AF99ACC969B0E560022F75A0CDCAA85D0BDEADADEACD59DD0C4500F94A5843EA0D4107789C1A613181B1F4E5252134A485EF6B1D9D83CDB5676C5FEE4D49B90
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):21504
                                                                                                                                                                                                Entropy (8bit):5.881781476285865
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:EJWo4IRCGHXfKXqHGcvYHp5RYcARQOj4MSTjqgPmJD12gkxEv:EcIRnHXfP/YtswvaD1zk
                                                                                                                                                                                                MD5:CDE035B8AB3D046B1CE37EEE7EE91FA0
                                                                                                                                                                                                SHA1:4298B62ED67C8D4F731D1B33E68D7DC9A58487FF
                                                                                                                                                                                                SHA-256:16BEA322D994A553B293A724B57293D57DA62BC7EAF41F287956B306C13FD972
                                                                                                                                                                                                SHA-512:C44FDEE5A210459CE4557351E56B2D357FD4937F8EC8EACEAB842FEE29761F66C2262FCBAAC837F39C859C67FA0E23D13E0F60B3AE59BE29EB9D8ABAB0A572BB
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):26624
                                                                                                                                                                                                Entropy (8bit):5.837887867708438
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:e839Cc4itui0gel9soFdkO66MlPGXmXcyYDTzks:Ns4u/FZ6nPxMLDvk
                                                                                                                                                                                                MD5:999D431197D7E06A30E0810F1F910B9A
                                                                                                                                                                                                SHA1:9BFF781221BCFFD8E55485A08627EC2A37363C96
                                                                                                                                                                                                SHA-256:AB242B9C9FB662C6F7CB57F7648F33983D6FA3BB0683C5D4329EC2CC51E8C875
                                                                                                                                                                                                SHA-512:A5DD92DD471ADB44EEFE5919EF9CA3978724E21174DF5B3A9C1F0AB462F928E5A46A460D02417DB7522F5DE3BFEED5EEE6B1EAFAF3E621722E85E72675F7096F
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):26624
                                                                                                                                                                                                Entropy (8bit):5.895310340516013
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:lcX9Nf4ttui0gel9soFdkO66MlPGXmXc/vDTOvk:a38u/FZ6nPxM3DAk
                                                                                                                                                                                                MD5:0931ABBF3AED459B1A2138B551B1D3BB
                                                                                                                                                                                                SHA1:9EC0296DDAF574A89766A2EC035FC30073863AB0
                                                                                                                                                                                                SHA-256:1729A0DC6B80CB7A3C07372B98B10D3C6C613EA645240878E1FDE6A992FA06F1
                                                                                                                                                                                                SHA-512:9F970BB4D10B94F525DDDDE307C7DA5E672BBFB3A3866A34B89B56ADA99476724FD690A4396857182749294F67F36DB471A048789FB715D2A7DAF46917FC1947
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):12800
                                                                                                                                                                                                Entropy (8bit):4.967737129255606
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:dMpWt/1nCuqaL0kt7TsEx2fiTgDZqGF0T7cqgkLgJ:k/k1Ts64DDJyBgkLg
                                                                                                                                                                                                MD5:5F057A380BACBA4EF59C0611549C0E02
                                                                                                                                                                                                SHA1:4B758D18372D71F0AA38075F073722A55B897F71
                                                                                                                                                                                                SHA-256:BCB14DAC6C87C24269D3E60C46B49EFFB1360F714C353318F5BBAA48C79EC290
                                                                                                                                                                                                SHA-512:E1C99E224745B86EE55822C1DBCB4555A11EC31B72D87B46514917EB61E0258A1C6D38C4F592969C17EB4F0F74DA04BCECA31CF1622720E95F0F20E9631792E8
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):13312
                                                                                                                                                                                                Entropy (8bit):5.007867576025166
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:bMt/1nCuqaL0ktPH0T7fwtF4zDn2rGacqgRGd:1/kpU3Yv4zDXqgRGd
                                                                                                                                                                                                MD5:49BCA1B7DF076D1A550EE1B7ED3BD997
                                                                                                                                                                                                SHA1:47609C7102F5B1BCA16C6BAD4AE22CE0B8AEE9E9
                                                                                                                                                                                                SHA-256:49E15461DCB76690139E71E9359F7FCF92269DCCA78E3BFE9ACB90C6271080B2
                                                                                                                                                                                                SHA-512:8574D7FA133B72A4A8D1D7D9FDB61053BC88C2D238B7AC7D519BE19972B658C44EA1DE433885E3206927C75DD5D1028F74999E048AB73189585B87630F865466
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):15872
                                                                                                                                                                                                Entropy (8bit):5.226023387740053
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:rfRKTN+HLjRskTdf4WazSTkwjEvuY2bylHDiYIgovg:mcHfRl5pauoSjy5DiE
                                                                                                                                                                                                MD5:CB5CFDD4241060E99118DEEC6C931CCC
                                                                                                                                                                                                SHA1:1E7FED96CF26C9F4730A4621CA9D18CECE3E0BCE
                                                                                                                                                                                                SHA-256:A8F809B6A417AF99B75EEEEA3ECD16BDA153CBDA4FFAB6E35CE1E8C884D899C4
                                                                                                                                                                                                SHA-512:8A89E3563C14B81353D251F9F019D8CBF07CB98F78452B8522413C7478A0D77B9ABF2134E4438145D6363CDA39721D2BAE8AD13D1CDACCBB5026619D95F931CF
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):14848
                                                                                                                                                                                                Entropy (8bit):5.262055670423592
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:C/ZN2eq/b04PAHH41F6fnVS0sVn+5CA5Z1cD66WGcqgFjLg:vI4IHHaQfSVnCZyDImgFjLg
                                                                                                                                                                                                MD5:18D2D96980802189B23893820714DA90
                                                                                                                                                                                                SHA1:5DEE494D25EB79038CBC2803163E2EF69E68274C
                                                                                                                                                                                                SHA-256:C2FD98C677436260ACB9147766258CB99780A007114AED37C87893DF1CF1A717
                                                                                                                                                                                                SHA-512:0317B65D8F292332C5457A6B15A77548BE5B2705F34BB8F4415046E3E778580ABD17B233E6CC2755C991247E0E65B27B5634465646715657B246483817CACEB7
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):36352
                                                                                                                                                                                                Entropy (8bit):5.913843738203007
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:dspbXtHQY4ubrttQza9CHnZXQsnecAlOF0qZLAXxQI3Sya6XPpMg3Yx8MnDcCPSq:7Y44UagH6cAFCLUSYpMg3YDzPo5kG9G
                                                                                                                                                                                                MD5:EF472BA63FD22922CA704B1E7B95A29E
                                                                                                                                                                                                SHA1:700B68E7EF95514D5E94D3C6B10884E1E187ACD8
                                                                                                                                                                                                SHA-256:66EEF4E6E0CEEEF2C23A758BFBEDAE7C16282FC93D0A56ACAFC40E871AC3F01C
                                                                                                                                                                                                SHA-512:DC2060531C4153C43ABF30843BCB5F8FA082345CA1BB57F9AC8695EDDB28FF9FDA8132B6B6C67260F779D95FCADCAE2811091BCA300AB1E041FAE6CC7B50ABD8
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):12288
                                                                                                                                                                                                Entropy (8bit):4.735350805948923
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:rhsC3eqv6b0q3OQ3rHu5bc64OhD2I/p3cqgONLg:r/Hq3jHuY64OhDJJgONLg
                                                                                                                                                                                                MD5:3B1CE70B0193B02C437678F13A335932
                                                                                                                                                                                                SHA1:063BFD5A32441ED883409AAD17285CE405977D1F
                                                                                                                                                                                                SHA-256:EB2950B6A2185E87C5318B55132DFE5774A5A579259AB50A7935A7FB143EA7B1
                                                                                                                                                                                                SHA-512:0E02187F17DFCFD323F2F0E62FBFE35F326DCF9F119FC8B15066AFAEEE4EB7078184BC85D571B555E9E67A2DD909EC12D8A67E3D075E9B1283813EF274E05C0D
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):22528
                                                                                                                                                                                                Entropy (8bit):5.705606408072877
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:19BcRxBmau38CYIl9bhgIW0mvufueNr359/tjGGDEFSegqrA:NcRy38J+9dmvufFtaGDV
                                                                                                                                                                                                MD5:FF33C306434DEC51D39C7BF1663E25DA
                                                                                                                                                                                                SHA1:665FCF47501F1481534597C1EAC2A52886EF0526
                                                                                                                                                                                                SHA-256:D0E3B6A2D0E073B2D9F0FCDB051727007943A17A4CA966D75EBA37BECDBA6152
                                                                                                                                                                                                SHA-512:66A909DC9C3B7BD4050AA507CD89B0B3A661C85D33C881522EC9568744953B698722C1CBFF093F9CBCD6119BD527FECAB05A67F2E32EC479BE47AFFA4377362C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):70656
                                                                                                                                                                                                Entropy (8bit):6.0189903352673655
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:Jfju4GgRMgWWnEDZiECgd/iwOXUQdbhov0Clb8Cx4hpK8ithLFIDullRPwDHxXOa:pXRMgWiEDZiECgd/iwOXUQdbhov0ClbU
                                                                                                                                                                                                MD5:F267BF4256F4105DAD0D3E59023011ED
                                                                                                                                                                                                SHA1:9BC6CA0F375CE49D5787C909D290C07302F58DA6
                                                                                                                                                                                                SHA-256:1DDE8BE64164FF96B2BAB88291042EB39197D118422BEE56EB2846E7A2D2F010
                                                                                                                                                                                                SHA-512:A335AF4DBF1658556ED5DC13EE741419446F7DAEC6BD2688B626A803FA5DD76463D6367C224E0B79B17193735E2C74BA417C26822DAEEF05AC3BAB1588E2DE83
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):770560
                                                                                                                                                                                                Entropy (8bit):7.613224993327352
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12288:XtIrHoxJ8gf1266y8IXhJvCKAmqVLzcrZgYIMGv1iLD9yQvG6h:XtIrHoxJFf1p34hcrn5Go9yQO6
                                                                                                                                                                                                MD5:1EFD7F7CB1C277416011DE6F09C355AF
                                                                                                                                                                                                SHA1:C0F97652AC2703C325AB9F20826A6F84C63532F2
                                                                                                                                                                                                SHA-256:AB45FA80A68DB1635D41DC1A4AAD980E6716DAC8C1778CB5F30CDB013B7DF6E6
                                                                                                                                                                                                SHA-512:2EC4B88A1957733043BBD63CEAA6F5643D446DB607B3267FAD1EC611E6B0AF697056598AAC2AE5D44AB2B9396811D183C32BCE5A0FF34E583193A417D1C5226B
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):26112
                                                                                                                                                                                                Entropy (8bit):5.8551858881598795
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:BczadRwoF2MZ81n0XTyMCYIl9bhgIW0mv8aeadRcwRwftjGLD2pRQNgQQ77k:2udRf2MuMJ+9dmv8aea34taLDcfQ
                                                                                                                                                                                                MD5:C5FB377F736ED731B5578F57BB765F7A
                                                                                                                                                                                                SHA1:5BA51E11F4DE1CAEDEBA0F7D4D10EC62EC109E01
                                                                                                                                                                                                SHA-256:32073DF3D5C85ABCE7D370D6E341EF163A8350F6A9EDC775C39A23856CCFDD53
                                                                                                                                                                                                SHA-512:D361BCDAF2C700D5A4AC956D96E00961432C05A1B692FC870DB53A90F233A6D24AA0C3BE99E40BD8E5B7C6C1B2BCDCDCFC545292EF321486FFC71C5EA7203E6A
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):84992
                                                                                                                                                                                                Entropy (8bit):6.064677498000638
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:BrYNvxcZeLrIeNs2qkTwe57DsuP45PqAqVDK9agdUiwOXyQdDrov0slb8gx4TBKW:Br4vxcZeLrIeN1TvHsuP45yAqVDK9ag3
                                                                                                                                                                                                MD5:8A0C0AA820E98E83AC9B665A9FD19EAF
                                                                                                                                                                                                SHA1:6BF5A14E94D81A55A164339F60927D5BF1BAD5C4
                                                                                                                                                                                                SHA-256:4EE3D122DCFFE78E6E7E76EE04C38D3DC6A066E522EE9F7AF34A09649A3628B1
                                                                                                                                                                                                SHA-512:52496AE7439458DEDB58A65DF9FFDCC3A7F31FC36FE7202FB43570F9BB03ABC0565F5EF32E5E6C048ED3EBC33018C19712E58FF43806119B2FB5918612299E7E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10240
                                                                                                                                                                                                Entropy (8bit):4.675380950473425
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:frQRpBddzAvzrqTOy/ThIz014mlxuLnkC75JiSBhsPeSztllIDpqf4AZaRcX6gnO:Qddz2KTnThIz0qfteRIDgRWcqgnCWt
                                                                                                                                                                                                MD5:44B930B89CE905DB4716A548C3DB8DEE
                                                                                                                                                                                                SHA1:948CBFF12A243C8D17A7ACD3C632EE232DF0F0ED
                                                                                                                                                                                                SHA-256:921C2D55179C0968535B20E9FD7AF55AD29F4CE4CF87A90FE258C257E2673AA5
                                                                                                                                                                                                SHA-512:79DF755BE8B01D576557A4CB3F3200E5EE1EDE21809047ABB9FF8D578C535AC1EA0277EDA97109839A7607AF043019F2C297E767441C7E11F81FDC87FD1B6EFC
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10240
                                                                                                                                                                                                Entropy (8bit):4.625428549874022
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:flipBddzAvzrqTOy/ThIz014mlxuLnkC75JiSBhsPeSzteXuDVZqYNIfcX6gHCWx:Cddz2KTnThIz0qfteR5DVwYkcqgHCWt
                                                                                                                                                                                                MD5:F24F9356A6BDD29B9EF67509A8BC3A96
                                                                                                                                                                                                SHA1:A26946E938304B4E993872C6721EB8CC1DCBE43B
                                                                                                                                                                                                SHA-256:034BB8EFE3068763D32C404C178BD88099192C707A36F5351F7FDB63249C7F81
                                                                                                                                                                                                SHA-512:C4D3F92D7558BE1A714388C72F5992165DD7A9E1B4FA83B882536030542D93FDAD9148C981F76FFF7868192B301AC9256EDB8C3D5CE5A1A2ACAC183F96C1028B
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):109392
                                                                                                                                                                                                Entropy (8bit):6.641929675972235
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:GcghbEGyzXJZDWnEzWG9q4lVOiVgXjO5/woecbq8qZHg2zuCS+zuecL:GV3iC0h9q4v6XjKwoecbq8qBTq+1cL
                                                                                                                                                                                                MD5:4585A96CC4EEF6AAFD5E27EA09147DC6
                                                                                                                                                                                                SHA1:489CFFF1B19ABBEC98FDA26AC8958005E88DD0CB
                                                                                                                                                                                                SHA-256:A8F950B4357EC12CFCCDDC9094CCA56A3D5244B95E09EA6E9A746489F2D58736
                                                                                                                                                                                                SHA-512:D78260C66331FE3029D2CC1B41A5D002EC651F2E3BBF55076D65839B5E3C6297955AFD4D9AB8951FBDC9F929DBC65EB18B14B59BCE1F2994318564EB4920F286
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):49520
                                                                                                                                                                                                Entropy (8bit):6.65700274508223
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:YEgYXUcHJcUJSDW/tfxL1qBSHGm6Ub/I2Hi09z0XQKBcRmuU9zuKl:YvGS8fZ1esJwUpz0X3B+d8zuKl
                                                                                                                                                                                                MD5:7E668AB8A78BD0118B94978D154C85BC
                                                                                                                                                                                                SHA1:DBAC42A02A8D50639805174AFD21D45F3C56E3A0
                                                                                                                                                                                                SHA-256:E4B533A94E02C574780E4B333FCF0889F65ED00D39E32C0FBBDA2116F185873F
                                                                                                                                                                                                SHA-512:72BB41DB17256141B06E2EAEB8FC65AD4ABDB65E4B5F604C82B9E7E7F60050734137D602E0F853F1A38201515655B6982F2761EE0FA77C531AA58591C95F0032
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):71448
                                                                                                                                                                                                Entropy (8bit):6.243013214204417
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:nhaPPkvDcBlqCTFFQ/ObfW11swNIGOnL7SyaeCxT:hanCDcnqCJFOObfW11swNIGOnLoeE
                                                                                                                                                                                                MD5:2CD68FF636394D3019411611E27D0A3B
                                                                                                                                                                                                SHA1:DA369C5D1A32F68639170D8A265A9EA49C2C8EBD
                                                                                                                                                                                                SHA-256:0D4FBD46F922E548060EA74C95E99DC5F19B1DF69BE17706806760515C1C64FE
                                                                                                                                                                                                SHA-512:37388D137454F52057B2376D95ABCC955FA1EDC3E20B96445FA45D1860544E811DF0C547F221C8671DC1A4D90262BB20F3B9F114252F3C47A8C3829951A2CE51
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):84760
                                                                                                                                                                                                Entropy (8bit):6.584507188180646
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:FFzZz757cav+IuK66nlxX8W8LsANVIGCV87SyixL7:DzZzq6n3MhLsMVIGCV8O7
                                                                                                                                                                                                MD5:C7CE973F261F698E3DB148CCAD057C96
                                                                                                                                                                                                SHA1:59809FD48E8597A73211C5DF64C7292C5D120A10
                                                                                                                                                                                                SHA-256:02D772C03704FE243C8DE2672C210A5804D075C1F75E738D6130A173D08DFCDE
                                                                                                                                                                                                SHA-512:A924750B1825747A622EEF93331FD764D824C954297E37E8DC93A450C11AA7AB3AD7C3B823B11656B86E64DE3CD5D409FDA15DB472488DFAA4BB50341F0B29D1
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):179712
                                                                                                                                                                                                Entropy (8bit):6.180800197956408
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:IULjhBCx8qImKrUltSfGzdMcbb9CF8OS7jkSTLkKWlgeml:IgCeqImzSfIMcNCvOkSTLLWWem
                                                                                                                                                                                                MD5:FCB71CE882F99EC085D5875E1228BDC1
                                                                                                                                                                                                SHA1:763D9AFA909C15FEA8E016D321F32856EC722094
                                                                                                                                                                                                SHA-256:86F136553BA301C70E7BADA8416B77EB4A07F76CCB02F7D73C2999A38FA5FA5B
                                                                                                                                                                                                SHA-512:4A0E98AB450453FD930EDC04F0F30976ABB9214B693DB4B6742D784247FB062C57FAFAFB51EB04B7B4230039AB3B07D2FFD3454D6E261811F34749F2E35F04D6
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):124696
                                                                                                                                                                                                Entropy (8bit):6.1345016966871455
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:kuiS11BYNd+5AWdu41qOqJ/f/EX4lCPIWu1ptpIGLP+z:Pl1U+Ke/16f/ExWI
                                                                                                                                                                                                MD5:10FDCF63D1C3C3B7E5861FBB04D64557
                                                                                                                                                                                                SHA1:1AA153EFEC4F583643046618B60E495B6E03B3D7
                                                                                                                                                                                                SHA-256:BC3B83D2DC9E2F0E6386ED952384C6CF48F6EED51129A50DFD5EF6CBBC0A8FB3
                                                                                                                                                                                                SHA-512:DC702F4100ED835E198507CD06FA5389A063D4600FC08BE780690D729AB62114FD5E5B201D511B5832C14E90A5975ED574FC96EDB5A9AB9EB83F607C7A712C7F
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):253208
                                                                                                                                                                                                Entropy (8bit):6.567915765795386
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:DV0lmIvcruIDCiryrjqPBTn9qWM53pLW1AuDRRRctULoT3TdTx:SN0rQiryr8TaV+QTdTx
                                                                                                                                                                                                MD5:21C73E7E0D7DAD7A1FE728E3B80CE073
                                                                                                                                                                                                SHA1:7B363AF01E83C05D0EA75299B39C31D948BBFE01
                                                                                                                                                                                                SHA-256:A28C543976AA4B6D37DA6F94A280D72124B429F458D0D57B7DBCF71B4BEA8F73
                                                                                                                                                                                                SHA-512:0357102BFFC2EC2BC6FF4D9956D6B8E77ED8558402609E558F1C1EBC1BACA6AEAA5220A7781A69B783A54F3E76362D1F74D817E4EE22AAC16C7F8C86B6122390
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):64792
                                                                                                                                                                                                Entropy (8bit):6.219813461442214
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:CQGllrIdcGuzZc94cVM7gDX4NIGOI67Sy+xzn1:I6cvz+9IgDX4NIGOI6Sn1
                                                                                                                                                                                                MD5:F495D1897A1B52A2B15C20DCECB84B47
                                                                                                                                                                                                SHA1:8CB65590A8815BDA58C86613B6386B5982D9EC3F
                                                                                                                                                                                                SHA-256:E47E76D70D508B62924FE480F30E615B12FDD7745C0AAC68A2CDDABD07B692AE
                                                                                                                                                                                                SHA-512:725D408892887BEBD5BCF040A0ECC6A4E4B608815B9DEA5B6F7B95C812715F82079896DF33B0830C9F787FFE149B8182E529BB1F78AADD89DF264CF8853EE4C4
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):159512
                                                                                                                                                                                                Entropy (8bit):6.841828996170163
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:RmuEE9tZBoI+1hINrznfB9mNoNSn2Vh/VDxuVIGZ1L6E:RmuFPobkNpYONnvfuCE
                                                                                                                                                                                                MD5:4E2239ECE266230ECB231B306ADDE070
                                                                                                                                                                                                SHA1:E807A078B71C660DB10A27315E761872FFD01443
                                                                                                                                                                                                SHA-256:34130D8ABE27586EE315262D69AF4E27429B7EAB1F3131EA375C2BB62CF094BE
                                                                                                                                                                                                SHA-512:86E6A1EAB3529E600DD5CAAB6103E34B0F618D67322A5ECF1B80839FAA028150C492A5CF865A2292CC8584FBA008955DA81A50B92301583424401D249C5F1401
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):35096
                                                                                                                                                                                                Entropy (8bit):6.456173627081832
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:VAIvrenSE0PkA9c0ji+m9IGWte5YiSyv2pAAMxkEn:6ITQSH9c0jlm9IGWtU7SyOOxj
                                                                                                                                                                                                MD5:811BCEE2F4246265898167B103FC699B
                                                                                                                                                                                                SHA1:AE3DE8ACBA56CDE71001D3796A48730E1B9C7CCE
                                                                                                                                                                                                SHA-256:FB69005B972DC3703F9EF42E8E0FDDF8C835CB91F57EF9B6C66BBDF978C00A8C
                                                                                                                                                                                                SHA-512:1F71E23CE4B6BC35FE772542D7845DCBEA2A34522BA0468B61CB05F9ABAB7732CBF524BCFF498D1BD0B13B5E8A45C373CCA19AD20E5370F17259E281EDF344BE
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):55576
                                                                                                                                                                                                Entropy (8bit):6.3454178187323755
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:2ND3ua5sIRL9EiqXxpNdtrtBIGXtz7SyNxM:2NjOiUpNdPBIGXtzi
                                                                                                                                                                                                MD5:F9C67280538408411BE9A7341B93B5B0
                                                                                                                                                                                                SHA1:CCF776CD2483BC83B48B1DB322D7B6FCAB48356E
                                                                                                                                                                                                SHA-256:5D298BB811037B583CFF6C88531F1742FAE5EEE47C290ADB47DDBD0D6126B9CC
                                                                                                                                                                                                SHA-512:AF2156738893EF504D582ACE6750B25BC42AD1EC8A92E0550CE54810706D854F37A82F38EB965A537CAD5D35C0178C5EB7B4D20DB2A95BEBFECF9A13C0592646
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):32536
                                                                                                                                                                                                Entropy (8bit):6.464181935983508
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:/k+Ea6rfMkAYY0J/MpIGQUG5YiSyvHAMxkEJ5YSv:8tfHY0JEpIGQU87SyPx/Y+
                                                                                                                                                                                                MD5:6E00E0821BB519333CCFD4E61A83CB38
                                                                                                                                                                                                SHA1:3550A41BB2EA54F456940C4D1940ACAB36815949
                                                                                                                                                                                                SHA-256:2AD02D49691A629F038F48FCDEE46A07C4FCC2CB0620086E7B09AC11915AE6B7
                                                                                                                                                                                                SHA-512:C3F8332C10B58F30E292676B48ECF1860C5EF9546367B87E90789F960C91EAE4D462DD3EE9CB14F603B9086E81B6701AAB56DA5B635B22DB1E758ED0A983E562
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):83224
                                                                                                                                                                                                Entropy (8bit):6.340320871656589
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:ZUuhzLx79flWrqcqtpjly+uCo9/s+S+pzcHQ6B48/VI9dsSbxntpIGLwIU7SyZxL:ZU6zLRNawRy+uCo9/sT+pzuXxVIbsSde
                                                                                                                                                                                                MD5:899380B2D48DF53414B974E11BB711E3
                                                                                                                                                                                                SHA1:F1D11F7E970A7CD476E739243F8F197FCB3AD590
                                                                                                                                                                                                SHA-256:B38E66E6EE413E5955EF03D619CADD40FCA8BE035B43093D2342B6F3739E883E
                                                                                                                                                                                                SHA-512:7426CA5E7A404B9628E2966DAE544F3E8310C697145567B361825DC0B5C6CD87F2CAF567DEF8CD19E73D68643F2F38C08FF4FF0BB0A459C853F241B8FDF40024
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):124696
                                                                                                                                                                                                Entropy (8bit):6.2652662506859444
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:fZIPlR6TxhNO7/9CO4w5yIFGcXcpVNIGOQyl:RjFHO7kC56cXuo
                                                                                                                                                                                                MD5:CEE93C920951C1169B615CB6330CEDDA
                                                                                                                                                                                                SHA1:EF2ABF9F760DB2DE0BD92AFE8766A0B798CF8167
                                                                                                                                                                                                SHA-256:FF25BDBEEF34D2AA420A79D3666C2660E7E3E96259D1F450F1AF5268553380EC
                                                                                                                                                                                                SHA-512:999D324448BB39793E4807432C697F01F8922B0ABA4519A21D5DC4F4FC8E9E4737D7E104B205B931AF753EDA65F61D0C744F12BE84446F9C6CB3C2A5B35B773C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):177432
                                                                                                                                                                                                Entropy (8bit):5.975354635226847
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:KXGEr/16/nJxNOJW5NT6X3l44K5WOSCSVRJNI7IM/cbP7RHs3J7VIGC7hN:Y/r/16/nDNPT6X3l1CMVS7i
                                                                                                                                                                                                MD5:9B4E74FD1DE0F8A197E4AA1E16749186
                                                                                                                                                                                                SHA1:833179B49EB27C9474B5189F59ED7ECF0E6DC9EA
                                                                                                                                                                                                SHA-256:A4CE52A9E0DADDBBE7A539D1A7EDA787494F2173DDCC92A3FAF43B7CF597452B
                                                                                                                                                                                                SHA-512:AE72B39CB47A859D07A1EE3E73DE655678FE809C5C17FFD90797B5985924DDB47CEB5EBE896E50216FB445526C4CBB95E276E5F3810035B50E4604363EB61CD4
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):25368
                                                                                                                                                                                                Entropy (8bit):6.6272949891352315
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:lrfwHnEWGQiAQVIGZwJXHQIYiSy1pCQ4XAM+o/8E9VF0NyqzJSj:dQnEIHQVIGZw95YiSyv8AMxkEqw
                                                                                                                                                                                                MD5:3C8737723A903B08D5D718336900FD8C
                                                                                                                                                                                                SHA1:2AD2D0D50F6B52291E59503222B665B1823B0838
                                                                                                                                                                                                SHA-256:BB418E91E543C998D11F9E65FD2A4899B09407FF386E059A88FE2A16AED2556B
                                                                                                                                                                                                SHA-512:1D974EC1C96E884F30F4925CC9A03FB5AF78687A267DEC0D1582B5D7561D251FB733CF733E0CC00FAEE86F0FEF6F73D36A348F3461C6D34B0238A75F69320D10
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):36632
                                                                                                                                                                                                Entropy (8bit):6.364173312940401
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:PgMwnWGwMtUTA7LlVIGCilx5YiSyvzAMxkEaFy:PgMwWGJtGA7LlVIGCih7Syrx+g
                                                                                                                                                                                                MD5:EE33F4C8D17D17AD62925E85097B0109
                                                                                                                                                                                                SHA1:8C4A03531CF3DBFE6F378FDAB9699D51E7888796
                                                                                                                                                                                                SHA-256:79ADCA5037D9145309D3BD19F7A26F7BB7DA716EE86E01073C6F2A9681E33DAD
                                                                                                                                                                                                SHA-512:60B0705A371AD2985DB54A91F0E904EEA502108663EA3C3FB18ED54671BE1932F4F03E8E3FD687A857A5E3500545377B036276C69E821A7D6116B327F5B3D5C1
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):264192
                                                                                                                                                                                                Entropy (8bit):6.209859454972578
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:qV3aFwGtxiTjweCKvJ1+jLjJML5wir++JTCuG:qV3mxi3wDArolq5wiC
                                                                                                                                                                                                MD5:40E99EAA1A21C1AA24F575855B52EEC0
                                                                                                                                                                                                SHA1:0FE9B3B93F77D045B248C36BC5B5D5117C0176B3
                                                                                                                                                                                                SHA-256:5F93DB706E799D00A3774CE14D078E272F8808867318C1183FDBE60D075D5F5D
                                                                                                                                                                                                SHA-512:FAD6BF5BBCC7C54DC792A2AB9FAEFAB77DD15233BC86A566AB0B6F27128C0B0609D0E17469F373778A7122E5015D57AE8CA67BAD1D4BD47B92FCE95A47A7AA2C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):49664
                                                                                                                                                                                                Entropy (8bit):5.798696651761287
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:oPriCeqBiVwVJAQ8mK4fE0UYq0olSgEDmYgRE8tJQ:oprimVJtFxEqqAmYg20JQ
                                                                                                                                                                                                MD5:1412E133574C3D73B77B4964A2A18FE3
                                                                                                                                                                                                SHA1:240E4A6149FA4AFCE7E857D5544A2A0772F9C9EB
                                                                                                                                                                                                SHA-256:9E33CAFEA557265EE254373F662ABCE9466952F0CCAE81F774A7F0D0CD34099F
                                                                                                                                                                                                SHA-512:07C50CADDF6AE80E6CD30DD810F755656D6F6965DB0F9586FD9D339FB551D1F086209495B5AB69DF6339698F585372B4459F14D9AEBF316F4E242B2D0DBD0B94
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):36352
                                                                                                                                                                                                Entropy (8bit):5.654316966286352
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:3FIKmzsyA2+kEyrMxA91WZqJ91cL9U0WJtqpTHl2zwu9L6lBw81eLaZ4Y1exetk0:3ehzcnygxA91bryrczTGbw8kLssqqTH
                                                                                                                                                                                                MD5:1D59358DA065743D07FB455DE273A25E
                                                                                                                                                                                                SHA1:82E99FF22B104ED0FE067A20C1B18C04B3155254
                                                                                                                                                                                                SHA-256:148E0CFFDBCD02E3EB65A6BF2F2B9A8C45BC36C113D92CCDA40408A7D01A6DC9
                                                                                                                                                                                                SHA-512:FE21A0010A543053919419FB31DD39E810F6EBAF1BC57DC5F89645F195901F354A57EA931AA464A208BB39C1AB0A7D1AC61D60D1B5F5EFED78570FAEC46B2DE6
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):161792
                                                                                                                                                                                                Entropy (8bit):6.09154494600188
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:WWN8oZXh2Y/m2/0+AMvRSDFxNYH/9Iw89qV406AgGkbJT0N6ctLU+XqiasgzvtaR:/GoVwY8M5bFIwoqRkYU0qikVXMNkqB
                                                                                                                                                                                                MD5:5B741F2BCB063D276534D43979FC8945
                                                                                                                                                                                                SHA1:7E4B63D4856BA1A720BD2CA68F0317B827E30886
                                                                                                                                                                                                SHA-256:52009B3A55DC0721D7DD70A25C04CC714CE33A954EB2964AC47E527977EECF25
                                                                                                                                                                                                SHA-512:A246CFAAC9C8D6F21C08EB9CF2F6D311747AF2F67EA6C38D6EE0C8C6CF8C78174425785C3F048038914DE1E93562697E6FEE435AFA5DF7372E0CE43DC67E72A9
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):4
                                                                                                                                                                                                Entropy (8bit):1.5
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Mn:M
                                                                                                                                                                                                MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:pip.
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:Unicode text, UTF-8 text, with very long lines (411)
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):11524
                                                                                                                                                                                                Entropy (8bit):5.211520136058075
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:ERsUfi6bkQk+k/kKkegToJWicnJsPVA1oz2dv7COmoKTACoEJdQ/0G6lWg+JdQV5:ERsXpLs3VoJWRnJsPvz2dDCHoKsLgA6z
                                                                                                                                                                                                MD5:49CABCB5F8DA14C72C8C3D00ADB3C115
                                                                                                                                                                                                SHA1:F575BECF993ECDF9C6E43190C1CB74D3556CF912
                                                                                                                                                                                                SHA-256:DC9824E25AFD635480A8073038B3CDFE6A56D3073A54E1A6FB21EDD4BB0F207C
                                                                                                                                                                                                SHA-512:923DAEEE0861611D230DF263577B3C382AE26400CA5F1830EE309BD6737EED2AD934010D61CDD4796618BEDB3436CD772D9429A5BED0A106EF7DE60E114E505C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:Metadata-Version: 2.3.Name: attrs.Version: 24.2.0.Summary: Classes Without Boilerplate.Project-URL: Documentation, https://www.attrs.org/.Project-URL: Changelog, https://www.attrs.org/en/stable/changelog.html.Project-URL: GitHub, https://github.com/python-attrs/attrs.Project-URL: Funding, https://github.com/sponsors/hynek.Project-URL: Tidelift, https://tidelift.com/subscription/pkg/pypi-attrs?utm_source=pypi-attrs&utm_medium=pypi.Author-email: Hynek Schlawack <hs@ox.cx>.License-Expression: MIT.License-File: LICENSE.Keywords: attribute,boilerplate,class.Classifier: Development Status :: 5 - Production/Stable.Classifier: License :: OSI Approved :: MIT License.Classifier: Programming Language :: Python :: 3.7.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: 3.11.Classifier: Programming Language :: Python :: 3.12.Classifier: Programming Languag
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:CSV text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):3556
                                                                                                                                                                                                Entropy (8bit):5.809424313364516
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:Q9ewBtnJT/oPynEddwBbCobXm9qGmR5VXzskcGD+qLtxO:2ewnXJCKXGeR/XzKiO
                                                                                                                                                                                                MD5:4B6973D2285295CF5E3A45E64EB7A455
                                                                                                                                                                                                SHA1:1089F2F3C35303D6D5DD19F0C0F707B9609EE3F2
                                                                                                                                                                                                SHA-256:2B368DFC37283970C33CC8D4EEC129F668EB99EBF9D3AA27F49A1B149658F2B0
                                                                                                                                                                                                SHA-512:A5150ECB625A3CFDC3F22C60EB7B16FDBED01CD47505BD520491B477AE24E8C59FFAE2334948122E656F6F0A5F2AF0635B6D976241745583A3D7AF9E3781718D
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:attr/__init__.py,sha256=l8Ewh5KZE7CCY0i1iDfSCnFiUTIkBVoqsXjX9EZnIVA,2087..attr/__init__.pyi,sha256=aTVHBPX6krCGvbQvOl_UKqEzmi2HFsaIVm2WKmAiqVs,11434..attr/__pycache__/__init__.cpython-312.pyc,,..attr/__pycache__/_cmp.cpython-312.pyc,,..attr/__pycache__/_compat.cpython-312.pyc,,..attr/__pycache__/_config.cpython-312.pyc,,..attr/__pycache__/_funcs.cpython-312.pyc,,..attr/__pycache__/_make.cpython-312.pyc,,..attr/__pycache__/_next_gen.cpython-312.pyc,,..attr/__pycache__/_version_info.cpython-312.pyc,,..attr/__pycache__/converters.cpython-312.pyc,,..attr/__pycache__/exceptions.cpython-312.pyc,,..attr/__pycache__/filters.cpython-312.pyc,,..attr/__pycache__/setters.cpython-312.pyc,,..attr/__pycache__/validators.cpython-312.pyc,,..attr/_cmp.py,sha256=3umHiBtgsEYtvNP_8XrQwTCdFoZIX4DEur76N-2a3X8,4123..attr/_cmp.pyi,sha256=U-_RU_UZOyPUEQzXE6RMYQQcjkZRY25wTH99sN0s7MM,368..attr/_compat.py,sha256=n2Uk3c-ywv0PkFfGlvqR7SzDXp4NOhWmNV_ZK6YfWoM,2958..attr/_config.py,sha256=z81Vt-GeT_2taxs1XZfmHx9TWlSxjP
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):87
                                                                                                                                                                                                Entropy (8bit):4.730668933656452
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:RtEeXAaCTQnP+tPCCfA5I:Rt2PcnWBB3
                                                                                                                                                                                                MD5:52ADFA0C417902EE8F0C3D1CA2372AC3
                                                                                                                                                                                                SHA1:B67635615EEF7E869D74F4813B5DC576104825DD
                                                                                                                                                                                                SHA-256:D7215D7625CC9AF60AED0613AAD44DB57EBA589D0CCFC3D8122114A0E514C516
                                                                                                                                                                                                SHA-512:BFA87E7B0E76E544C2108EF40B9FAC8C5FF4327AB8EDE9FEB2891BD5D38FEA117BD9EEBAF62F6C357B4DEADDAD5A5220E0B4A54078C8C2DE34CB1DD5E00F2D62
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:Wheel-Version: 1.0.Generator: hatchling 1.25.0.Root-Is-Purelib: true.Tag: py3-none-any.
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1109
                                                                                                                                                                                                Entropy (8bit):5.104415762129373
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:bGf8rUrmJHHH0yN3gtsHw1hC09QHOsUv4eOk4/+/m3oqLFh:bW8rUaJHlxE3dQHOs5exm3ogFh
                                                                                                                                                                                                MD5:5E55731824CF9205CFABEAB9A0600887
                                                                                                                                                                                                SHA1:243E9DD038D3D68C67D42C0C4BA80622C2A56246
                                                                                                                                                                                                SHA-256:882115C95DFC2AF1EEB6714F8EC6D5CBCABF667CAFF8729F42420DA63F714E9F
                                                                                                                                                                                                SHA-512:21B242BF6DCBAFA16336D77A40E69685D7E64A43CC30E13E484C72A93CD4496A7276E18137DC601B6A8C3C193CB775DB89853ECC6D6EB2956DEEE36826D5EBFE
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:The MIT License (MIT)..Copyright (c) 2015 Hynek Schlawack and the attrs contributors..Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to deal.in the Software without restriction, including without limitation the rights.to use, copy, modify, merge, publish, distribute, sublicense, and/or sell.copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in all.copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHE
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1329520
                                                                                                                                                                                                Entropy (8bit):5.586627513342047
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12288:uttcY+b+2OGgRF1+fYNXPh26UZWAzCu7jqD9KwdgkVDdYuP0whsA9gCCaYchQ:uttcY+PnCiCAqoNqDdYuPVzEaYchQ
                                                                                                                                                                                                MD5:9B3C32B54CF69405030D2F787FB0C7DF
                                                                                                                                                                                                SHA1:B2D906EF86EECEB934E84ACA6985599854B70AE1
                                                                                                                                                                                                SHA-256:7A55058782C4FEBED8EA12B4CAFF9257ED22F22B3E25BA80593E4265A1E099E8
                                                                                                                                                                                                SHA-512:40ABBAFA11E80E83514DB17342B0271C4FD23C2380EC7BCAE97F318101561EF64F964BAEC7A6D2AD74111572473C6A728277CEBDEA8BDBEC3192D6A0A958A462
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):299427
                                                                                                                                                                                                Entropy (8bit):6.047872935262006
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:QW1x/M8fRR1jplkXURrVADwYCuCigT/QRSRqNb7d8iu5Nahx:QWb/TRJLWURrI5RWavdF08/
                                                                                                                                                                                                MD5:50EA156B773E8803F6C1FE712F746CBA
                                                                                                                                                                                                SHA1:2C68212E96605210EDDF740291862BDF59398AEF
                                                                                                                                                                                                SHA-256:94EDEB66E91774FCAE93A05650914E29096259A5C7E871A1F65D461AB5201B47
                                                                                                                                                                                                SHA-512:01ED2E7177A99E6CB3FBEF815321B6FA036AD14A3F93499F2CB5B0DAE5B713FD2E6955AA05F6BDA11D80E9E0275040005E5B7D616959B28EFC62ABB43A3238F0
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                 Preview:.# Issuer: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Subject: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Label: "GlobalSign Root CA".# Serial: 4835703278459707669005204.# MD5 Fingerprint: 3e:45:52:15:09:51:92:e1:b7:5d:37:9f:b1:87:29:8a.# SHA1 Fingerprint: b1:bc:96:8b:d4:f4:9d:62:2a:a8:9a:81:f2:15:01:52:a4:1d:82:9c.# SHA256 Fingerprint: eb:d4:10:40:e4:bb:3e:c7:42:c9:e3:81:d3:1e:f2:a4:1a:48:b6:68:5c:96:e7:ce:f3:c1:df:6c:d4:33:1c:99.
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10752
                                                                                                                                                                                                Entropy (8bit):4.817893239381772
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:MRv9XFCk2z1/t12iwU5usJFcCyD9cqgE:aVVC5djuUFJKtgE
                                                                                                                                                                                                MD5:71D96F1DBFCD6F767D81F8254E572751
                                                                                                                                                                                                SHA1:E70B74430500ED5117547E0CD339D6E6F4613503
                                                                                                                                                                                                SHA-256:611E1B4B9ED6788640F550771744D83E404432830BB8E3063F0B8EC3B98911AF
                                                                                                                                                                                                SHA-512:7B10E13B3723DB0E826B7C7A52090DE999626D5FA6C8F9B4630FDEEF515A58C40660FA90589532A6D4377F003B3CB5B9851E276A0B3C83B9709E28E6A66A1D32
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):124928
                                                                                                                                                                                                Entropy (8bit):5.935676608756784
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:BETt3OiaqGB7QNX6Pq4a461TDqFRgMzrOH+d3gdy2iIeP/j3bhouROm:Bmt+is7QNqP1ab1TGb9g/iI4bhouROm
                                                                                                                                                                                                MD5:D8F690EAE02332A6898E9C8B983C56DD
                                                                                                                                                                                                SHA1:112C1FE25E0D948F767E02F291801C0E4AE592F0
                                                                                                                                                                                                SHA-256:C6BB8CAD80B8D7847C52931F11D73BA64F78615218398B2C058F9B218FF21CA9
                                                                                                                                                                                                SHA-512:E732F79F39BA9721CC59DBE8C4785FFD74DF84CA00D13D72AFA3F96B97B8C7ADF4EA9344D79EE2A1C77D58EF28D3DDCC855F3CB13EDDA928C17B1158ABCC5B4A
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):4
                                                                                                                                                                                                Entropy (8bit):1.5
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Mn:M
                                                                                                                                                                                                MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:pip.
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):5440
                                                                                                                                                                                                Entropy (8bit):5.074230645519915
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:DloQIUQIhQIKQILbQIRIaMPktjaVxsxA2TLLDmplH7dwnqTIvrUmA0JQTQCQx5KN:RcPuP1srTLLDmplH7JTIvYX0JQTQ9x54
                                                                                                                                                                                                MD5:C891CD93024AF027647E6DE89D0FFCE2
                                                                                                                                                                                                SHA1:01D8D6F93F1B922A91C82D4711BCEFB885AD47B0
                                                                                                                                                                                                SHA-256:EB36E0E4251E8479EF36964440755EF22BEDD411BA87A93F726FA8E5BB0E64B0
                                                                                                                                                                                                SHA-512:3386FBB3DCF7383B2D427093624C531C50BE34E3E0AA0984547B953E04776D0D431D5267827F4194A9B0AD1AB897869115623E802A6A1C5D2AE1AD82C96CCE71
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:Metadata-Version: 2.3.Name: cryptography.Version: 43.0.3.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: Apache Software License.Classifier: License :: OSI Approved :: BSD License.Classifier: Natural Language :: English.Classifier: Operating System :: MacOS :: MacOS X.Classifier: Operating System :: POSIX.Classifier: Operating System :: POSIX :: BSD.Classifier: Operating System :: POSIX :: Linux.Classifier: Operating System :: Microsoft :: Windows.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Programming Language :: Python :: 3.7.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: 3.11.Classifier: Programming Language :: Python :: 3.12.Classif
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:CSV text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):15579
                                                                                                                                                                                                Entropy (8bit):5.5664904316569785
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:1XeTBL1z5jF4E9VqhXJZ4WPB6s7B0Ppz+NX6in5Lqw/I+B:1XkL1hCEsJrPB6s7B0Ppz+96innVB
                                                                                                                                                                                                MD5:4DECFB7B4491D572BFEF7359B48F44FC
                                                                                                                                                                                                SHA1:A4A4D4BF35021D7402922CA58E1E29AE564524FD
                                                                                                                                                                                                SHA-256:2538AB429E324FDDEAC70C8C511E24E9FAF5DC8D531D910B1A6FF17C13C5D536
                                                                                                                                                                                                SHA-512:CE05550E47B778EAB691191A9B08C53F4BE8C3F371C5831B901D17535237A45E46F8362A1BC365DBDEF45FF7AFF475EAA4517FB43F715A4F92481F014EF2E18F
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:cryptography-43.0.3.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..cryptography-43.0.3.dist-info/METADATA,sha256=6zbg5CUehHnvNpZEQHVe8ivt1BG6h6k_cm-o5bsOZLA,5440..cryptography-43.0.3.dist-info/RECORD,,..cryptography-43.0.3.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..cryptography-43.0.3.dist-info/WHEEL,sha256=8_4EnrLvbhzH224YH8WypoB7HFn-vpbwr_zHlr3XUBI,94..cryptography-43.0.3.dist-info/license_files/LICENSE,sha256=Pgx8CRqUi4JTO6mP18u0BDLW8amsv4X1ki0vmak65rs,197..cryptography-43.0.3.dist-info/license_files/LICENSE.APACHE,sha256=qsc7MUj20dcRHbyjIJn2jSbGRMaBOuHk8F9leaomY_4,11360..cryptography-43.0.3.dist-info/license_files/LICENSE.BSD,sha256=YCxMdILeZHndLpeTzaJ15eY9dz2s0eymiSMqtwCPtPs,1532..cryptography/__about__.py,sha256=-FkHKD9mSuEfH37wsSKnQzJZmL5zUAUTpB5OeUQjPE0,445..cryptography/__init__.py,sha256=mthuUrTd4FROCpUYrTIqhjz6s6T9djAZrV7nZ1oMm2o,364..cryptography/__pycache__/__about__.cpython-312.pyc,,..cryptography/__pycache__/__ini
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):94
                                                                                                                                                                                                Entropy (8bit):5.016084900984752
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:RtEeX5pGogP+tkKciH/KQb:RtvoTWKTQb
                                                                                                                                                                                                MD5:C869D30012A100ADEB75860F3810C8C9
                                                                                                                                                                                                SHA1:42FD5CFA75566E8A9525E087A2018E8666ED22CB
                                                                                                                                                                                                SHA-256:F3FE049EB2EF6E1CC7DB6E181FC5B2A6807B1C59FEBE96F0AFFCC796BDD75012
                                                                                                                                                                                                SHA-512:B29FEAF6587601BBE0EDAD3DF9A87BFC82BB2C13E91103699BABD7E039F05558C0AC1EF7D904BCFAF85D791B96BC26FA9E39988DD83A1CE8ECCA85029C5109F0
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:Wheel-Version: 1.0.Generator: maturin (1.7.0).Root-Is-Purelib: false.Tag: cp39-abi3-win_amd64.
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):197
                                                                                                                                                                                                Entropy (8bit):4.61968998873571
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:hWDncJhByZmJgXPForADu1QjygQuaAJygT2d5GeWreLRuOFEXAYeBKmJozlMHuO:h9Co8FyQjkDYc5tWreLBF/pn2mH1
                                                                                                                                                                                                MD5:8C3617DB4FB6FAE01F1D253AB91511E4
                                                                                                                                                                                                SHA1:E442040C26CD76D1B946822CAF29011A51F75D6D
                                                                                                                                                                                                SHA-256:3E0C7C091A948B82533BA98FD7CBB40432D6F1A9ACBF85F5922D2F99A93AE6BB
                                                                                                                                                                                                SHA-512:77A1919E380730BCCE5B55D76FBFFBA2F95874254FAD955BD2FE1DE7FC0E4E25B5FDAAB0FEFFD6F230FA5DC895F593CF8BFEDF8FDC113EFBD8E22FADAB0B8998
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:This software is made available under the terms of *either* of the licenses.found in LICENSE.APACHE or LICENSE.BSD. Contributions to cryptography are made.under the terms of *both* these licenses..
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):11360
                                                                                                                                                                                                Entropy (8bit):4.426756947907149
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:nUDG5KXSD9VYUKhu1JVF9hFGvV/QiGkS594drFjuHYx5dvTrLh3kTSEnQHbHR:UIvlKM1zJlFvmNz5VrlkTS0QHt
                                                                                                                                                                                                MD5:4E168CCE331E5C827D4C2B68A6200E1B
                                                                                                                                                                                                SHA1:DE33EAD2BEE64352544CE0AA9E410C0C44FDF7D9
                                                                                                                                                                                                SHA-256:AAC73B3148F6D1D7111DBCA32099F68D26C644C6813AE1E4F05F6579AA2663FE
                                                                                                                                                                                                SHA-512:F451048E81A49FBFA11B49DE16FF46C52A8E3042D1BCC3A50AAF7712B097BED9AE9AED9149C21476C2A1E12F1583D4810A6D36569E993FE1AD3879942E5B0D52
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:. Apache License. Version 2.0, January 2004. https://www.apache.org/licenses/.. TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.. 1. Definitions... "License" shall mean the terms and conditions for use, reproduction,. and distribution as defined by Sections 1 through 9 of this document... "Licensor" shall mean the copyright owner or entity authorized by. the copyright owner that is granting the License... "Legal Entity" shall mean the union of the acting entity and all. other entities that control, are controlled by, or are under common. control with that entity. For the purposes of this definition,. "control" means (i) the power, direct or indirect, to cause the. direction or management of such entity, whether by contract or. otherwise, or (ii) ownership of fifty percent (50%) or more of the. outstanding shares, or (iii) beneficial ow
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1532
                                                                                                                                                                                                Entropy (8bit):5.058591167088024
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:MjUnoorbOFFTJJyRrYFTjzMbmqEvBTP4m96432s4EOkUTKQROJ32s3yxsITf+3tY:MkOFJSrYJsaN5P406432svv32s3EsIqm
                                                                                                                                                                                                MD5:5AE30BA4123BC4F2FA49AA0B0DCE887B
                                                                                                                                                                                                SHA1:EA5B412C09F3B29BA1D81A61B878C5C16FFE69D8
                                                                                                                                                                                                SHA-256:602C4C7482DE6479DD2E9793CDA275E5E63D773DACD1ECA689232AB7008FB4FB
                                                                                                                                                                                                SHA-512:DDBB20C80ADBC8F4118C10D3E116A5CD6536F72077C5916D87258E155BE561B89EB45C6341A1E856EC308B49A4CB4DBA1408EABD6A781FBE18D6C71C32B72C41
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:Copyright (c) Individual contributors..All rights reserved...Redistribution and use in source and binary forms, with or without.modification, are permitted provided that the following conditions are met:.. 1. Redistributions of source code must retain the above copyright notice,. this list of conditions and the following disclaimer... 2. Redistributions in binary form must reproduce the above copyright. notice, this list of conditions and the following disclaimer in the. documentation and/or other materials provided with the distribution... 3. Neither the name of PyCA Cryptography nor the names of its contributors. may be used to endorse or promote products derived from this software. without specific prior written permission...THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND.ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED.WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOS
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):7834624
                                                                                                                                                                                                Entropy (8bit):6.517862303223651
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:49152:oFNZj7fIo9W67PapgzJTkrXyzNzpXAbuiqCgIns3mYEXEqMrIU6i7GtlqdVwASO/:QI9X/gIFYEXME+oFNr5VQCJheq4BsxH
                                                                                                                                                                                                MD5:BFD28B03A4C32A9BCB001451FD002F67
                                                                                                                                                                                                SHA1:DD528FD5F4775E16B2E743D3188B66F1174807B2
                                                                                                                                                                                                SHA-256:8EF0F404A8BFF12FD6621D8F4F209499613F565777FE1C2A680E8A18F312D5A7
                                                                                                                                                                                                SHA-512:6DC39638435F147B399826E34F78571D7ED2ED1232275E213A2B020224C0645E379F74A0CA5DE86930D3348981C8BB03BBBECFA601F8BA781417E7114662DDEE
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):87040
                                                                                                                                                                                                Entropy (8bit):5.9471652810047235
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:NIf505ZC316pwJV0Jzn4pyOJ8RMrpLkFb0GZi8fR3px7F:Q66gFlmrpLkFwGTp3pt
                                                                                                                                                                                                MD5:5A5BD0B8845F5A47ECFC2C55ABE7413C
                                                                                                                                                                                                SHA1:D4B2E85D30480573FEFBC413C4F7B81FA67115E1
                                                                                                                                                                                                SHA-256:8BE6E6CC104018C0DC1AE0694330F44B94FABB6C50EEC086373DDF24117D78A7
                                                                                                                                                                                                SHA-512:B2C24C3C5D59A4987F36DFCF677227C020BB632B7155E99D7405516BD855B03965F3FC3558E8637DA1B4E65E7EF7C5D2EA33B338BAEAE72F62017ED682D19651
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):5162776
                                                                                                                                                                                                Entropy (8bit):5.958207976652471
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:98304:S3+FRtLtlVriXpshX179Cahd4tC9P1+1CPwDvt3uFlDCi:ASRtLtvd99Cahd4tC9w1CPwDvt3uFlDz
                                                                                                                                                                                                MD5:51E8A5281C2092E45D8C97FBDBF39560
                                                                                                                                                                                                SHA1:C499C810ED83AAADCE3B267807E593EC6B121211
                                                                                                                                                                                                SHA-256:2A234B5AA20C3FAECF725BBB54FB33F3D94543F78FA7045408E905593E49960A
                                                                                                                                                                                                SHA-512:98B91719B0975CB38D3B3C7B6F820D184EF1B64D38AD8515BE0B8B07730E2272376B9E51631FE9EFD9B8A1709FEA214CF3F77B34EEB9FD282EB09E395120E7CB
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):39696
                                                                                                                                                                                                Entropy (8bit):6.641880464695502
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:NiQfxQemQJNrPN+moyijAc5YiSyvkIPxWEqG:dfxIQvPkmoyijP7SytPxF
                                                                                                                                                                                                MD5:0F8E4992CA92BAAF54CC0B43AACCCE21
                                                                                                                                                                                                SHA1:C7300975DF267B1D6ADCBAC0AC93FD7B1AB49BD2
                                                                                                                                                                                                SHA-256:EFF52743773EB550FCC6CE3EFC37C85724502233B6B002A35496D828BD7B280A
                                                                                                                                                                                                SHA-512:6E1B223462DC124279BFCA74FD2C66FE18B368FFBCA540C84E82E0F5BCBEA0E10CC243975574FA95ACE437B9D8B03A446ED5EE0C9B1B094147CEFAF704DFE978
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):790296
                                                                                                                                                                                                Entropy (8bit):5.607732992846443
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:7aO1lo7USZGjweMMHO4+xuVg7gCl2VdhMd1DdwMVn4TERUr3zgKpJJ/wknofFe9A:FkeMKOr97gCAE35gEGzLpwknofFe9XbE
                                                                                                                                                                                                MD5:BFC834BB2310DDF01BE9AD9CFF7C2A41
                                                                                                                                                                                                SHA1:FB1D601B4FCB29FF1B13B0D2ED7119BD0472205C
                                                                                                                                                                                                SHA-256:41AD1A04CA27A7959579E87FBBDA87C93099616A64A0E66260C983381C5570D1
                                                                                                                                                                                                SHA-512:6AF473C7C0997F2847EBE7CEE8EF67CD682DEE41720D4F268964330B449BA71398FDA8954524F9A97CC4CDF9893B8BDC7A1CF40E9E45A73F4F35A37F31C6A9C3
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):46592
                                                                                                                                                                                                Entropy (8bit):5.417086235508803
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):75264
                                                                                                                                                                                                Entropy (8bit):5.884143909360528
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):67072
                                                                                                                                                                                                Entropy (8bit):5.909456553599775
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):200472
                                                                                                                                                                                                Entropy (8bit):6.382659996286758
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):68376
                                                                                                                                                                                                Entropy (8bit):6.14883904573939
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):6972184
                                                                                                                                                                                                Entropy (8bit):5.774196030396665
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):136192
                                                                                                                                                                                                Entropy (8bit):6.007891413043079
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):31000
                                                                                                                                                                                                Entropy (8bit):6.531624163477087
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):4
                                                                                                                                                                                                Entropy (8bit):1.5
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Mn:M
                                                                                                                                                                                                MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:pip.
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):11358
                                                                                                                                                                                                Entropy (8bit):4.4267168336581415
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:nU6G5KXSD9VYUKhu1JVF9hFGvV/QiGkS594drFjuHYx5dvTrLh3kTSEn7HbHR:U9vlKM1zJlFvmNz5VrlkTS07Ht
                                                                                                                                                                                                MD5:3B83EF96387F14655FC854DDC3C6BD57
                                                                                                                                                                                                SHA1:2B8B815229AA8A61E483FB4BA0588B8B6C491890
                                                                                                                                                                                                SHA-256:CFC7749B96F63BD31C3C42B5C471BF756814053E847C10F3EB003417BC523D30
                                                                                                                                                                                                SHA-512:98F6B79B778F7B0A15415BD750C3A8A097D650511CB4EC8115188E115C47053FE700F578895C097051C9BC3DFB6197C2B13A15DE203273E1A3218884F86E90E8
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:. Apache License. Version 2.0, January 2004. http://www.apache.org/licenses/.. TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.. 1. Definitions... "License" shall mean the terms and conditions for use, reproduction,. and distribution as defined by Sections 1 through 9 of this document... "Licensor" shall mean the copyright owner or entity authorized by. the copyright owner that is granting the License... "Legal Entity" shall mean the union of the acting entity and all. other entities that control, are controlled by, or are under common. control with that entity. For the purposes of this definition,. "control" means (i) the power, direct or indirect, to cause the. direction or management of such entity, whether by contract or. otherwise, or (ii) ownership of fifty percent (50%) or more of the. outstanding shares, or (iii) beneficial own
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):4648
                                                                                                                                                                                                Entropy (8bit):5.006900644756252
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:Dx2ZSaCSmS8R902Vpnu386eLQ9Ac+fFZpDN00x2jZ2SBXZJSwTE:9Smzf02Vpnu386mQ9B+TP0vJHJSwTE
                                                                                                                                                                                                MD5:98ABEAACC0E0E4FC385DFF67B607071A
                                                                                                                                                                                                SHA1:E8C830D8B0942300C7C87B3B8FD15EA1396E07BD
                                                                                                                                                                                                SHA-256:6A7B90EFFEE1E09D5B484CDF7232016A43E2D9CC9543BCBB8E494B1EC05E1F59
                                                                                                                                                                                                SHA-512:F1D59046FFA5B0083A5259CEB03219CCDB8CC6AAC6247250CBD83E70F080784391FCC303F7630E1AD40E5CCF5041A57CB9B68ADEFEC1EBC6C31FCF7FFC65E9B7
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:Metadata-Version: 2.1.Name: importlib_metadata.Version: 8.0.0.Summary: Read metadata from Python packages.Author-email: "Jason R. Coombs" <jaraco@jaraco.com>.Project-URL: Source, https://github.com/python/importlib_metadata.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: Apache Software License.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Requires-Python: >=3.8.Description-Content-Type: text/x-rst.License-File: LICENSE.Requires-Dist: zipp >=0.5.Requires-Dist: typing-extensions >=3.6.4 ; python_version < "3.8".Provides-Extra: doc.Requires-Dist: sphinx >=3.5 ; extra == 'doc'.Requires-Dist: jaraco.packaging >=9.3 ; extra == 'doc'.Requires-Dist: rst.linker >=1.9 ; extra == 'doc'.Requires-Dist: furo ; extra == 'doc'.Requires-Dist: sphinx-lint ; extra == 'doc'.Requires-Dist: jaraco.tidelift >=1.4 ; extra == 'doc'.Provides-Extra: perf.Requires-D
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:CSV text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):2518
                                                                                                                                                                                                Entropy (8bit):5.6307766747793275
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:UnuXTg06U5J/Vw9l/gfNX7/XzBk9pvJq/fwJOfYrBfnJ/V0XJnzN/3WJV:bXzP/EgdzzBkDJsoIYrBfJ/CXNz9qV
                                                                                                                                                                                                MD5:EB513CAFA5226DDA7D54AFDCC9AD8A74
                                                                                                                                                                                                SHA1:B394C7AEC158350BAF676AE3197BEF4D7158B31C
                                                                                                                                                                                                SHA-256:0D8D3C6EEB9EBBE86CAC7D60861552433C329DA9EA51248B61D02BE2E5E64030
                                                                                                                                                                                                SHA-512:A0017CFAFF47FDA6067E3C31775FACEE4728C3220C2D4BD70DEF328BD20AA71A343E39DA15CD6B406F62311894C518DFCF5C8A4AE6F853946F26A4B4E767924E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:importlib_metadata-8.0.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..importlib_metadata-8.0.0.dist-info/LICENSE,sha256=z8d0m5b2O9McPEK1xHG_dWgUBT6EfBDz6wA0F7xSPTA,11358..importlib_metadata-8.0.0.dist-info/METADATA,sha256=anuQ7_7h4J1bSEzfcjIBakPi2cyVQ7y7jklLHsBeH1k,4648..importlib_metadata-8.0.0.dist-info/RECORD,,..importlib_metadata-8.0.0.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..importlib_metadata-8.0.0.dist-info/WHEEL,sha256=mguMlWGMX-VHnMpKOjjQidIo1ssRlCFu4a4mBpz1s2M,91..importlib_metadata-8.0.0.dist-info/top_level.txt,sha256=CO3fD9yylANiXkrMo4qHLV_mqXL2sC5JFKgt1yWAT-A,19..importlib_metadata/__init__.py,sha256=tZNB-23h8Bixi9uCrQqj9Yf0aeC--Josdy3IZRIQeB0,33798..importlib_metadata/__pycache__/__init__.cpython-312.pyc,,..importlib_metadata/__pycache__/_adapters.cpython-312.pyc,,..importlib_metadata/__pycache__/_collections.cpython-312.pyc,,..importlib_metadata/__pycache__/_compat.cpython-312.pyc,,..importlib_metadata/__pycac
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):91
                                                                                                                                                                                                Entropy (8bit):4.687870576189661
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:RtEeXMRYFAVLMvhRRP+tPCCfA5S:RtC1VLMvhjWBBf
                                                                                                                                                                                                MD5:7D09837492494019EA51F4E97823D79F
                                                                                                                                                                                                SHA1:7829B4324BB542799494131A270EC3BDAD4DEDEF
                                                                                                                                                                                                SHA-256:9A0B8C95618C5FE5479CCA4A3A38D089D228D6CB1194216EE1AE26069CF5B363
                                                                                                                                                                                                SHA-512:A0063220ECDD22C3E735ACFF6DE559ACF3AC4C37B81D37633975A22A28B026F1935CD1957C0FF7D2ECC8B7F83F250310795EECC5273B893FFAB115098F7B9C38
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:Wheel-Version: 1.0.Generator: setuptools (70.1.1).Root-Is-Purelib: true.Tag: py3-none-any..
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):19
                                                                                                                                                                                                Entropy (8bit):3.536886723742169
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:JSej0EBERG:50o4G
                                                                                                                                                                                                MD5:A24465F7850BA59507BF86D89165525C
                                                                                                                                                                                                SHA1:4E61F9264DE74783B5924249BCFE1B06F178B9AD
                                                                                                                                                                                                SHA-256:08EDDF0FDCB29403625E4ACCA38A872D5FE6A972F6B02E4914A82DD725804FE0
                                                                                                                                                                                                SHA-512:ECF1F6B777970F5257BDDD353305447083008CEBD8E5A27C3D1DA9C7BDC3F9BF3ABD6881265906D6D5E11992653185C04A522F4DB5655FF75EEDB766F93D5D48
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:importlib_metadata.
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:ASCII text, with very long lines (888)
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1335
                                                                                                                                                                                                Entropy (8bit):4.226823573023539
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:FP6Hbz+g9RPZ14bJi04L6GEbX4UQF4UkZQhxI2EIhNyu:9E+i6bJmLm43+Uxxnh0u
                                                                                                                                                                                                MD5:4CE7501F6608F6CE4011D627979E1AE4
                                                                                                                                                                                                SHA1:78363672264D9CD3F72D5C1D3665E1657B1A5071
                                                                                                                                                                                                SHA-256:37FEDCFFBF73C4EB9F058F47677CB33203A436FF9390E4D38A8E01C9DAD28E0B
                                                                                                                                                                                                SHA-512:A4CDF92725E1D740758DA4DD28DF5D1131F70CEF46946B173FE6956CC0341F019D7C4FECC3C9605F354E1308858721DADA825B4C19F59C5AD1CE01AB84C46B24
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum..Curabitur pretium tincidunt lacus. Nulla gravida orci a odio. Nullam varius, turpis et commodo pharetra, est eros bibendum elit, nec luctus magna felis sollicitudin mauris. Integer in mauris eu nibh euismod gravida. Duis ac tellus et risus vulputate vehicula. Donec lobortis risus a elit. Etiam tempor. Ut ullamcorper, ligula eu tempor congue, eros est euismod turpis, id tincidunt sapien risus a quam. Maecenas fermentum consequat mi. Donec fermentum. Pellentesque malesuada nulla a mi. Duis sapien sem, aliquet nec, commodo eget, consequat quis, neque.
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):4
                                                                                                                                                                                                Entropy (8bit):1.5
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Mn:M
                                                                                                                                                                                                MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:pip.
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1107
                                                                                                                                                                                                Entropy (8bit):5.115074330424529
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:PWmrRONJHLH0cPP3gtkHw1h39QHOsUv4eOk4/+jvho3nPz:ttONJbbvE/NQHOs5eNS3n7
                                                                                                                                                                                                MD5:7FFB0DB04527CFE380E4F2726BD05EBF
                                                                                                                                                                                                SHA1:5B39C45A91A556E5F1599604F1799E4027FA0E60
                                                                                                                                                                                                SHA-256:30C23618679108F3E8EA1D2A658C7CA417BDFC891C98EF1A89FA4FF0C9828654
                                                                                                                                                                                                SHA-512:205F284F3A7E8E696C70ED7B856EE98C1671C68893F0952EEC40915A383BC452B99899BDC401F9FE161A1BF9B6E2CEA3BCD90615EEE9173301657A2CE4BAFE14
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:MIT License..Copyright (c) 2012 Daniel Holth <dholth@fastmail.fm> and contributors..Permission is hereby granted, free of charge, to any person obtaining a.copy of this software and associated documentation files (the "Software"),.to deal in the Software without restriction, including without limitation.the rights to use, copy, modify, merge, publish, distribute, sublicense,.and/or sell copies of the Software, and to permit persons to whom the.Software is furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included.in all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL.THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR.OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERW
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):2153
                                                                                                                                                                                                Entropy (8bit):5.088249746074878
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:DEhpFu5MktjaywDK48d+md+7uT8RfkD1UKd+mOl1Awry:DEhpiMktjayq/7kOfsUzmbYy
                                                                                                                                                                                                MD5:EBEA27DA14E3F453119DC72D84343E8C
                                                                                                                                                                                                SHA1:7CEB6DBE498B69ABF4087637C6F500742FF7E2B4
                                                                                                                                                                                                SHA-256:59BAC22B00A59D3E5608A56B8CF8EFC43831A36B72792EE4389C9CD4669C7841
                                                                                                                                                                                                SHA-512:A41593939B9325D40CB67FD3F41CD1C9E9978F162487FB469094C41440B5F48016B9A66BE2E6E4A0406D6EEDB25CE4F5A860BA1E3DC924B81F63CEEE3AE31117
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:Metadata-Version: 2.1.Name: wheel.Version: 0.43.0.Summary: A built-package format for Python.Keywords: wheel,packaging.Author-email: Daniel Holth <dholth@fastmail.fm>.Maintainer-email: Alex Gr.nholm <alex.gronholm@nextday.fi>.Requires-Python: >=3.8.Description-Content-Type: text/x-rst.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: Topic :: System :: Archiving :: Packaging.Classifier: License :: OSI Approved :: MIT License.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: 3.11.Classifier: Programming Language :: Python :: 3.12.Requires-Dist: pytest >= 6.0.0 ; extra == "test".Requires-Dist: setuptools >= 65 ; extra == "test".Project-URL: Changelog, https://wheel.readthedocs.io/en/s
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:CSV text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):4557
                                                                                                                                                                                                Entropy (8bit):5.714200636114494
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:QXVuEmegx01TQIvFCiq9H/H7vp88FxTXiJPkGJP4CWweXQHmnDpMI78IegK5EeZR:QXVxAbYkU4CWweXQHmnDpMeV2BvTRqQF
                                                                                                                                                                                                MD5:44D352C4997560C7BFB82D9360F5985A
                                                                                                                                                                                                SHA1:BE58C7B8AB32790384E4E4F20865C4A88414B67A
                                                                                                                                                                                                SHA-256:783E654742611AF88CD9F00BF01A431A219DB536556E63FF981C7BD673070AC9
                                                                                                                                                                                                SHA-512:281B1D939A560E6A08D0606E5E8CE15F086B4B45738AB41ED6B5821968DC8D764CD6B25DB6BA562A07018C271ABF17A6BC5A380FAD05696ADF1D11EE2C5749C8
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:../../bin/wheel,sha256=cT2EHbrv-J-UyUXu26cDY-0I7RgcruysJeHFanT1Xfo,249..wheel-0.43.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..wheel-0.43.0.dist-info/LICENSE.txt,sha256=MMI2GGeRCPPo6h0qZYx8pBe9_IkcmO8aifpP8MmChlQ,1107..wheel-0.43.0.dist-info/METADATA,sha256=WbrCKwClnT5WCKVrjPjvxDgxo2tyeS7kOJyc1GaceEE,2153..wheel-0.43.0.dist-info/RECORD,,..wheel-0.43.0.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..wheel-0.43.0.dist-info/WHEEL,sha256=EZbGkh7Ie4PoZfRQ8I0ZuP9VklN_TvcZ6DSE5Uar4z4,81..wheel-0.43.0.dist-info/entry_points.txt,sha256=rTY1BbkPHhkGMm4Q3F0pIzJBzW2kMxoG1oriffvGdA0,104..wheel/__init__.py,sha256=D6jhH00eMzbgrXGAeOwVfD5i-lCAMMycuG1L0useDlo,59..wheel/__main__.py,sha256=NkMUnuTCGcOkgY0IBLgBCVC_BGGcWORx2K8jYGS12UE,455..wheel/__pycache__/__init__.cpython-312.pyc,,..wheel/__pycache__/__main__.cpython-312.pyc,,..wheel/__pycache__/_setuptools_logging.cpython-312.pyc,,..wheel/__pycache__/bdist_wheel.cpython-312.pyc,,..wheel/__pycache
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):81
                                                                                                                                                                                                Entropy (8bit):4.672346887071811
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:RtEeX/QFM+vxP+tPCCfA5I:Rt1Qq2WBB3
                                                                                                                                                                                                MD5:24019423EA7C0C2DF41C8272A3791E7B
                                                                                                                                                                                                SHA1:AAE9ECFB44813B68CA525BA7FA0D988615399C86
                                                                                                                                                                                                SHA-256:1196C6921EC87B83E865F450F08D19B8FF5592537F4EF719E83484E546ABE33E
                                                                                                                                                                                                SHA-512:09AB8E4DAA9193CFDEE6CF98CCAE9DB0601F3DCD4944D07BF3AE6FA5BCB9DC0DCAFD369DE9A650A38D1B46C758DB0721EBA884446A8A5AD82BB745FD5DB5F9B1
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:Wheel-Version: 1.0.Generator: flit 3.9.0.Root-Is-Purelib: true.Tag: py3-none-any.
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):104
                                                                                                                                                                                                Entropy (8bit):4.271713330022269
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:1SSAnAYgh+MWTMhk6WjrAM5t5ln:1Jb9WTMhk9jUM5t5ln
                                                                                                                                                                                                MD5:6180E17C30BAE5B30DB371793FCE0085
                                                                                                                                                                                                SHA1:E3A12C421562A77D90A13D8539A3A0F4D3228359
                                                                                                                                                                                                SHA-256:AD363505B90F1E1906326E10DC5D29233241CD6DA4331A06D68AE27DFBC6740D
                                                                                                                                                                                                SHA-512:69EAE7B1E181D7BA1D3E2864D31E1320625A375E76D3B2FBF8856B3B6515936ACE3138D4D442CABDE7576FCFBCBB0DEED054D90B95CFA1C99829DB12A9031E26
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:[console_scripts].wheel=wheel.cli:main..[distutils.commands].bdist_wheel=wheel.bdist_wheel:bdist_wheel..
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1504024
                                                                                                                                                                                                Entropy (8bit):6.578874733366613
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24576:95WQyUuqjJVKMXijWRwtHHofIyEcL/2m75i5zxHWc9C08lY8ore60hH:9b0yVKMyjWR6nofQm7U59HWKYY8
                                                                                                                                                                                                MD5:82EA0259009FF75BBA817BD8C15C7588
                                                                                                                                                                                                SHA1:04C49687D8241B43AE61A6C59299255EF09A7B39
                                                                                                                                                                                                SHA-256:8AA8B909A39FCC33D1EC2AD51EAC6714A318C6EFD04F963D21B75D8F64809AD6
                                                                                                                                                                                                SHA-512:1F8B3343898462E385D25E1820A3D7D971D633933E482EA9FFC596E7E1F902F5657A9F2C104CF320EEEF34CCE814261304E2E1C063BE4C6A807ADC9B75F3E670
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1137944
                                                                                                                                                                                                Entropy (8bit):5.462221778372869
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12288:IFrEHdcM6hbZCjJ43w9hIpCQvb0QN8MdIEQ+U2BNNmD+99FfctZq:IFrEXcCjfk7bPNfv42BN6yzUtZq
                                                                                                                                                                                                MD5:A1388676824CE6347D31D6C6A7A1D1B5
                                                                                                                                                                                                SHA1:27DD45A5C9B7E61BB894F13193212C6D5668085B
                                                                                                                                                                                                SHA-256:2480A78815F619A631210E577E733C9BAFECB7F608042E979423C5850EE390FF
                                                                                                                                                                                                SHA-512:26EA1B33F14F08BB91027E0D35AC03F6203B4DFEEE602BB592C5292AB089B27FF6922DA2804A9E8A28E47D4351B32CF93445D894F00B4AD6E2D0C35C6C7F1D89
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):133632
                                                                                                                                                                                                Entropy (8bit):5.874056262688227
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:LqnAWHjDQCj8ilDiv+zQQoMlRVFhLaNzvvA5sqQvml1RhkmrAte:L1ojDHjllCrMlRVgvY5sqQeRhkmrA
                                                                                                                                                                                                MD5:E9D8AB0E7867F5E0D40BD474A5CA288C
                                                                                                                                                                                                SHA1:E7BDF1664099C069CEEA18C2922A8DB049B4399A
                                                                                                                                                                                                SHA-256:DF724F6ABD66A0549415ABAA3FDF490680E6E0CE07584E964B8BFD01E187B487
                                                                                                                                                                                                SHA-512:49B17E11D02AE99583F835B8ECF526CF1CF9CEAB5D8FAC0FBFAF45411AC43F0594F93780AE7F6CB3EBBC169A91E81DD57A37C48A8CD5E2653962FFBDCF9879BB
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):97280
                                                                                                                                                                                                Entropy (8bit):6.009362786457499
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:hA6zeuPEpCbl4DlaAw/AlDNTXBUhF5dYLprRD0WcpipPmlK:hA6jPEUbOwajI5dsOWcpipPe
                                                                                                                                                                                                MD5:34BEE8FDC3AB28504FE568D886F846DA
                                                                                                                                                                                                SHA1:C43EE4ADBE83571E17867DD277DD18CB42E1A6B7
                                                                                                                                                                                                SHA-256:B4C2ADF4BD70A41C0CBB6D1296303AB66169CD52633F514164E755711F0648FB
                                                                                                                                                                                                SHA-512:1C1013B0EF7D7BA3B01D7CA19A06F808234F3E51C1346AAC57641D2FCC03B4F4E129066D17135F91E56D3092E18FFF77740D4B5E323B5E670ADB8B3E69BDF36C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Entropy (8bit):7.996839328507881
                                                                                                                                                                                                TrID:
                                                                                                                                                                                                • Win64 Executable GUI (202006/5) 92.65%
                                                                                                                                                                                                • Win64 Executable (generic) (12005/4) 5.51%
                                                                                                                                                                                                • Generic Win/DOS Executable (2004/3) 0.92%
                                                                                                                                                                                                • DOS Executable Generic (2002/1) 0.92%
                                                                                                                                                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                File name:WVuXCNNYG0.exe
                                                                                                                                                                                                File size:18'166'844 bytes
                                                                                                                                                                                                MD5:5b0d552a08e6eb471f4e487850e9cb67
                                                                                                                                                                                                SHA1:c50781da99d8ddecdecfb178a31c50f5058c689e
                                                                                                                                                                                                SHA256:9a1f48d7d46330d1ff34092ed6118cbfdf48e615cc86c47f09fe6c28e066ed3d
                                                                                                                                                                                                SHA512:dc7ee583517cc12f15f9491acace46dc65ac6fe3299c175d043446a796696b82f2df4e37f7ac71236504a3fa9aa9cc8fae150477cde5352f03f1fb2c88f8251b
                                                                                                                                                                                                SSDEEP:393216:h9Yi54urLe63hucnW+eGQRn9josCBGc3vW7JTXN6u6K2:h9Yi5Rr73hrnW+e5Rn9MTa96u6p
                                                                                                                                                                                                TLSH:0F073398E5D85CC1D4F2993FD9E18107DA73FC1117B0CE8B17B9A5A32EA71C45A3EA20
                                                                                                                                                                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......t=.30\.`0\.`0\.`{$.a7\.`{$.a.\.`{$.a:\.` ..`3\.` ..a9\.` ..a!\.` ..a.\.`{$.a;\.`0\.`.\.`{..a)\.`{..a1\.`Rich0\.`........PE..d..
                                                                                                                                                                                                Icon Hash:4a464cd47461e179
                                                                                                                                                                                                Entrypoint:0x14000ce20
                                                                                                                                                                                                Entrypoint Section:.text
                                                                                                                                                                                                Digitally signed:false
                                                                                                                                                                                                Imagebase:0x140000000
                                                                                                                                                                                                Subsystem:windows gui
                                                                                                                                                                                                Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                                                                DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                Time Stamp:0x674BB0B4 [Sun Dec 1 00:41:24 2024 UTC]
                                                                                                                                                                                                TLS Callbacks:
                                                                                                                                                                                                CLR (.Net) Version:
                                                                                                                                                                                                OS Version Major:6
                                                                                                                                                                                                OS Version Minor:0
                                                                                                                                                                                                File Version Major:6
                                                                                                                                                                                                File Version Minor:0
                                                                                                                                                                                                Subsystem Version Major:6
                                                                                                                                                                                                Subsystem Version Minor:0
                                                                                                                                                                                                Import Hash:72c4e339b7af8ab1ed2eb3821c98713a
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3ca34 | 0x78 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x47000 | 0xf41c | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x44000 | 0x2238 | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x57000 | 0x764 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3a080 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x39f40 | 0x140 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2b000 | 0x4a0 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x29f70 | 0x2a000 | b8c3814c5fb0b18492ad4ec2ffe0830a | False | 0.5518740699404762 | data | 6.489205819736506 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x2b000 | 0x12a28 | 0x12c00 | b6256c1811c36aa8ee1746d3fd9ad285 | False | 0.5242838541666667 | data | 5.7507813103681515 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x3e000 | 0x53f8 | 0xe00 | dba0caeecab624a0ccc0d577241601d1 | False | 0.134765625 | data | 1.8392217063172436 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x44000 | 0x2238 | 0x2400 | 9cd1eac931545f28ab09329f8bfce843 | False | 0.4697265625 | data | 5.2645170849678795 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x47000 | 0xf41c | 0xf600 | 455788c285fcfdcb4008bc77e762818a | False | 0.803099593495935 | data | 7.5549760623589695 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x57000 | 0x764 | 0x800 | 816c68eeb419ee2c08656c31c06a0fff | False | 0.5576171875 | data | 5.2809528666624175 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x47208 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | | | 0.585820895522388
RT_ICON | 0x480b0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | | | 0.7360108303249098
RT_ICON | 0x48958 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | | | 0.755057803468208
RT_ICON | 0x48ec0 | 0x952c | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9975384937676757
RT_ICON | 0x523ec | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | | | 0.3887966804979253
RT_ICON | 0x54994 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | | | 0.49530956848030017
RT_ICON | 0x55a3c | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | | | 0.7207446808510638
RT_GROUP_ICON | 0x55ea4 | 0x68 | data | | | 0.7019230769230769
RT_MANIFEST | 0x55f0c | 0x50d | XML 1.0 document, ASCII text | | | 0.4694508894044857
DLL | Import
USER32.dll | CreateWindowExW, ShutdownBlockReasonCreate, MsgWaitForMultipleObjects, ShowWindow, DestroyWindow, RegisterClassW, DefWindowProcW, PeekMessageW, DispatchMessageW, TranslateMessage, PostMessageW, GetMessageW, MessageBoxW, MessageBoxA, SystemParametersInfoW, DestroyIcon, SetWindowLongPtrW, GetWindowLongPtrW, GetClientRect, InvalidateRect, ReleaseDC, GetDC, DrawTextW, GetDialogBaseUnits, EndDialog, DialogBoxIndirectParamW, MoveWindow, SendMessageW
COMCTL32.dll |
KERNEL32.dll | GetACP, IsValidCodePage, GetStringTypeW, GetFileAttributesExW, SetEnvironmentVariableW, FlushFileBuffers, GetCurrentDirectoryW, LCMapStringW, CompareStringW, FlsFree, GetOEMCP, GetCPInfo, GetModuleHandleW, MulDiv, FormatMessageW, GetLastError, GetModuleFileNameW, LoadLibraryExW, SetDllDirectoryW, CreateSymbolicLinkW, GetProcAddress, GetEnvironmentStringsW, GetCommandLineW, GetEnvironmentVariableW, ExpandEnvironmentStringsW, DeleteFileW, FindClose, FindFirstFileW, FindNextFileW, GetDriveTypeW, RemoveDirectoryW, GetTempPathW, CloseHandle, QueryPerformanceCounter, QueryPerformanceFrequency, WaitForSingleObject, Sleep, GetCurrentProcess, TerminateProcess, GetExitCodeProcess, CreateProcessW, GetStartupInfoW, FreeLibrary, LocalFree, SetConsoleCtrlHandler, K32EnumProcessModules, K32GetModuleFileNameExW, CreateFileW, FindFirstFileExW, GetFinalPathNameByHandleW, MultiByteToWideChar, WideCharToMultiByte, FlsSetValue, FreeEnvironmentStringsW, GetProcessHeap, GetTimeZoneInformation, HeapSize, HeapReAlloc, WriteConsoleW, SetEndOfFile, CreateDirectoryW, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsProcessorFeaturePresent, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, RtlUnwindEx, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, RaiseException, RtlPcToFileHeader, GetCommandLineA, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, ReadFile, GetFullPathNameW, SetStdHandle, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, HeapFree, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleOutputCP, GetFileSizeEx, HeapAlloc, FlsAlloc, FlsGetValue
ADVAPI32.dll | OpenProcessToken, GetTokenInformation, ConvertStringSecurityDescriptorToSecurityDescriptorW, ConvertSidToStringSidW
GDI32.dll | SelectObject, DeleteObject, CreateFontIndirectW
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 6, 2024 17:46:33.121575117 CET | 49705 | 80 | 192.168.2.5 | 163.5.242.208
Dec 6, 2024 17:46:33.241637945 CET | 80 | 49705 | 163.5.242.208 | 192.168.2.5
Dec 6, 2024 17:46:33.241775990 CET | 49705 | 80 | 192.168.2.5 | 163.5.242.208
Dec 6, 2024 17:46:33.241931915 CET | 49705 | 80 | 192.168.2.5 | 163.5.242.208
Dec 6, 2024 17:46:33.361848116 CET | 80 | 49705 | 163.5.242.208 | 192.168.2.5
Dec 6, 2024 17:46:34.599898100 CET | 80 | 49705 | 163.5.242.208 | 192.168.2.5
Dec 6, 2024 17:46:34.603846073 CET | 49705 | 80 | 192.168.2.5 | 163.5.242.208
Dec 6, 2024 17:46:34.605781078 CET | 49706 | 80 | 192.168.2.5 | 163.5.242.208
Dec 6, 2024 17:46:34.724471092 CET | 80 | 49705 | 163.5.242.208 | 192.168.2.5
Dec 6, 2024 17:46:34.724735975 CET | 49705 | 80 | 192.168.2.5 | 163.5.242.208
Dec 6, 2024 17:46:34.725511074 CET | 80 | 49706 | 163.5.242.208 | 192.168.2.5
Dec 6, 2024 17:46:34.725632906 CET | 49706 | 80 | 192.168.2.5 | 163.5.242.208
Dec 6, 2024 17:46:34.725807905 CET | 49706 | 80 | 192.168.2.5 | 163.5.242.208
Dec 6, 2024 17:46:34.845556974 CET | 80 | 49706 | 163.5.242.208 | 192.168.2.5
Dec 6, 2024 17:46:36.073540926 CET | 80 | 49706 | 163.5.242.208 | 192.168.2.5
Dec 6, 2024 17:46:36.074883938 CET | 49706 | 80 | 192.168.2.5 | 163.5.242.208
Dec 6, 2024 17:46:36.195441008 CET | 80 | 49706 | 163.5.242.208 | 192.168.2.5
Dec 6, 2024 17:46:36.195524931 CET | 49706 | 80 | 192.168.2.5 | 163.5.242.208
                                                                                                                                                                                                • 163.5.242.208
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49705 | 163.5.242.208 | 80 | 1020 | C:\Users\user\Desktop\WVuXCNNYG0.exe
Timestamp | Bytes transferred | Direction | Data
Dec 6, 2024 17:46:33.241931915 CET | 165 | OUT | GET /bababa31692_token.txt HTTP/1.1
                                                                                                                                                                                                Host: 163.5.242.208
                                                                                                                                                                                                User-Agent: python-requests/2.32.3
                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                Connection: keep-alive
Dec 6, 2024 17:46:34.599898100 CET | 354 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                Date: Fri, 06 Dec 2024 16:46:34 GMT
                                                                                                                                                                                                Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                Last-Modified: Mon, 25 Nov 2024 18:05:43 GMT
                                                                                                                                                                                                ETag: "2e-627c094cae5b4"
                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                Content-Length: 46
                                                                                                                                                                                                Keep-Alive: timeout=5, max=100
                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                Content-Type: text/plain
                                                                                                                                                                                                Data Raw: 38 31 32 34 33 38 33 35 39 31 3a 41 41 45 66 46 72 68 37 4f 37 78 6a 77 61 72 79 47 31 41 43 63 44 4a 79 52 61 48 50 59 4b 48 6b 6a 4c 55
                                                                                                                                                                                                Data Ascii: 8124383591:AAEfFrh7O7xjwaryG1ACcDJyRaHPYKHkjLU


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49706 | 163.5.242.208 | 80 | 1020 | C:\Users\user\Desktop\WVuXCNNYG0.exe
Timestamp | Bytes transferred | Direction | Data
Dec 6, 2024 17:46:34.725807905 CET | 163 | OUT | GET /6931506959_chat.txt HTTP/1.1
                                                                                                                                                                                                Host: 163.5.242.208
                                                                                                                                                                                                User-Agent: python-requests/2.32.3
                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                Connection: keep-alive
Dec 6, 2024 17:46:36.073540926 CET | 318 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                Date: Fri, 06 Dec 2024 16:46:35 GMT
                                                                                                                                                                                                Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                Last-Modified: Sun, 01 Dec 2024 00:37:31 GMT
                                                                                                                                                                                                ETag: "b-6282aa331d36f"
                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                Content-Length: 11
                                                                                                                                                                                                Keep-Alive: timeout=5, max=100
                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                Content-Type: text/plain
                                                                                                                                                                                                Data Raw: 2d 34 36 33 31 37 36 39 35 35 33
                                                                                                                                                                                                Data Ascii: -4631769553


                                                                                                                                                                                                Target ID:0
                                                                                                                                                                                                Start time:11:46:25
                                                                                                                                                                                                Start date:06/12/2024
                                                                                                                                                                                                Path:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:"C:\Users\user\Desktop\WVuXCNNYG0.exe"
                                                                                                                                                                                                Imagebase:0x7ff65ecc0000
                                                                                                                                                                                                File size:18'166'844 bytes
                                                                                                                                                                                                MD5 hash:5B0D552A08E6EB471F4E487850E9CB67
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                Target ID:2
                                                                                                                                                                                                Start time:11:46:28
                                                                                                                                                                                                Start date:06/12/2024
                                                                                                                                                                                                Path:C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:"C:\Users\user\Desktop\WVuXCNNYG0.exe"
                                                                                                                                                                                                Imagebase:0x7ff65ecc0000
                                                                                                                                                                                                File size:18'166'844 bytes
                                                                                                                                                                                                MD5 hash:5B0D552A08E6EB471F4E487850E9CB67
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                  Execution Coverage:10.2%
                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                  Signature Coverage:19.7%
                                                                                                                                                                                                  Total number of Nodes:2000
                                                                                                                                                                                                  Total number of Limit Nodes:38
7ff65ecc3360 16265->16657 16266->16265 16271 7ff65ecc3ef2 16269->16271 16275 7ff65ecc3e4e 16269->16275 16274 7ff65ecc8b30 40 API calls 16271->16274 16274->16304 16275->16304 16583 7ff65ecc6db0 16275->16583 16304->16262 16304->16264 16314 7ff65ecd9bb3 16313->16314 16315 7ff65ecd9bd4 16313->16315 16314->16159 16316 7ff65ecda448 45 API calls 16315->16316 16317 7ff65ecd9bd9 16316->16317 16319 7ff65eccd339 16318->16319 16319->16167 16322 7ff65eccd011 16320->16322 16321 7ff65ecccdd0 16321->16157 16322->16321 16323 7ff65eccd8f8 7 API calls 16322->16323 16323->16321 16325 7ff65eccd1c2 _CreateFrameInfo __scrt_get_show_window_mode 16324->16325 16326 7ff65eccd1e1 RtlCaptureContext RtlLookupFunctionEntry 16325->16326 16327 7ff65eccd20a RtlVirtualUnwind 16326->16327 16328 7ff65eccd246 __scrt_get_show_window_mode 16326->16328 16327->16328 16329 7ff65eccd278 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 16328->16329 16330 7ff65eccd2c6 _CreateFrameInfo 16329->16330 16330->16155 16332 7ff65eccd900 16331->16332 16333 7ff65eccd90a 16331->16333 16337 7ff65eccdc94 16332->16337 16333->16173 16338 7ff65eccdca3 16337->16338 16340 7ff65eccd905 16337->16340 16345 7ff65eccded0 16338->16345 16341 7ff65eccdd00 16340->16341 16342 7ff65eccdd2b 16341->16342 16343 7ff65eccdd0e DeleteCriticalSection 16342->16343 16344 7ff65eccdd2f 16342->16344 16343->16342 16344->16333 16349 7ff65eccdd38 16345->16349 16350 7ff65eccde22 TlsFree 16349->16350 16356 7ff65eccdd7c __vcrt_FlsAlloc 16349->16356 16351 7ff65eccddaa LoadLibraryExW 16353 7ff65eccddcb GetLastError 16351->16353 16354 7ff65eccde49 16351->16354 16352 7ff65eccde69 GetProcAddress 16352->16350 16353->16356 16354->16352 16355 7ff65eccde60 FreeLibrary 16354->16355 16355->16352 16356->16350 16356->16351 16356->16352 16357 7ff65eccdded LoadLibraryExW 16356->16357 16357->16354 16357->16356 16359 7ff65eccd2fb GetStartupInfoW 16358->16359 16359->16161 16361 7ff65ecdf4f0 16360->16361 16363 7ff65ecdf596 16361->16363 16364 7ff65ecdf543 
16361->16364 16362 7ff65ecda884 _invalid_parameter_noinfo 37 API calls 16366 7ff65ecdf56c 16362->16366 16670 7ff65ecdf3c8 16363->16670 16364->16362 16366->16182 16678 7ff65eccc8c0 16367->16678 16370 7ff65ecc3710 16680 7ff65ecc92f0 FindFirstFileExW 16370->16680 16371 7ff65ecc36eb GetLastError 16685 7ff65ecc2c50 16371->16685 16375 7ff65ecc3723 16700 7ff65ecc9370 CreateFileW 16375->16700 16376 7ff65ecc377d 16711 7ff65ecc94b0 16376->16711 16377 7ff65eccc5c0 _log10_special 8 API calls 16380 7ff65ecc37b5 16377->16380 16380->16260 16389 7ff65ecc1950 16380->16389 16382 7ff65ecc378b 16385 7ff65ecc3706 16382->16385 16386 7ff65ecc2810 49 API calls 16382->16386 16383 7ff65ecc3734 16703 7ff65ecc2810 16383->16703 16384 7ff65ecc374c __vcrt_FlsAlloc 16384->16376 16385->16377 16386->16385 16390 7ff65ecc45b0 108 API calls 16389->16390 16391 7ff65ecc1985 16390->16391 16392 7ff65ecc1c43 16391->16392 16393 7ff65ecc7f80 83 API calls 16391->16393 16394 7ff65eccc5c0 _log10_special 8 API calls 16392->16394 16395 7ff65ecc19cb 16393->16395 16396 7ff65ecc1c5e 16394->16396 16438 7ff65ecc1a03 16395->16438 17091 7ff65ecd0744 16395->17091 16396->16189 16396->16190 16398 7ff65ecd00bc 74 API calls 16398->16392 16399 7ff65ecc19e5 16400 7ff65ecc19e9 16399->16400 16401 7ff65ecc1a08 16399->16401 16403 7ff65ecd4f78 _get_daylight 11 API calls 16400->16403 17095 7ff65ecd040c 16401->17095 16405 7ff65ecc19ee 16403->16405 17098 7ff65ecc2910 16405->17098 16406 7ff65ecc1a45 16412 7ff65ecc1a5c 16406->16412 16413 7ff65ecc1a7b 16406->16413 16407 7ff65ecc1a26 16409 7ff65ecd4f78 _get_daylight 11 API calls 16407->16409 16410 7ff65ecc1a2b 16409->16410 16411 7ff65ecc2910 54 API calls 16410->16411 16411->16438 16415 7ff65ecd4f78 _get_daylight 11 API calls 16412->16415 16414 7ff65ecc1c80 49 API calls 16413->16414 16416 7ff65ecc1a92 16414->16416 16417 7ff65ecc1a61 16415->16417 16418 7ff65ecc1c80 49 API calls 16416->16418 16419 7ff65ecc2910 54 API calls 16417->16419 16420 7ff65ecc1add 16418->16420 16419->16438 16421 
7ff65ecd0744 73 API calls 16420->16421 16422 7ff65ecc1b01 16421->16422 16423 7ff65ecc1b35 16422->16423 16424 7ff65ecc1b16 16422->16424 16426 7ff65ecd040c _fread_nolock 53 API calls 16423->16426 16425 7ff65ecd4f78 _get_daylight 11 API calls 16424->16425 16427 7ff65ecc1b1b 16425->16427 16428 7ff65ecc1b4a 16426->16428 16431 7ff65ecc2910 54 API calls 16427->16431 16429 7ff65ecc1b50 16428->16429 16430 7ff65ecc1b6f 16428->16430 16432 7ff65ecd4f78 _get_daylight 11 API calls 16429->16432 17113 7ff65ecd0180 16430->17113 16431->16438 16434 7ff65ecc1b55 16432->16434 16436 7ff65ecc2910 54 API calls 16434->16436 16436->16438 16437 7ff65ecc2710 54 API calls 16437->16438 16438->16398 16440 7ff65ecc8a2a 16439->16440 16441 7ff65ecc9400 2 API calls 16440->16441 16442 7ff65ecc8a49 GetEnvironmentVariableW 16441->16442 16443 7ff65ecc8ab2 16442->16443 16444 7ff65ecc8a66 ExpandEnvironmentStringsW 16442->16444 16445 7ff65eccc5c0 _log10_special 8 API calls 16443->16445 16444->16443 16446 7ff65ecc8a88 16444->16446 16448 7ff65ecc8ac4 16445->16448 16447 7ff65ecc94b0 2 API calls 16446->16447 16449 7ff65ecc8a9a 16447->16449 16448->16199 16450 7ff65eccc5c0 _log10_special 8 API calls 16449->16450 16451 7ff65ecc8aaa 16450->16451 16451->16199 16453 7ff65ecc9400 2 API calls 16452->16453 16454 7ff65ecc8b4c 16453->16454 16455 7ff65ecc9400 2 API calls 16454->16455 16456 7ff65ecc8b5c 16455->16456 17331 7ff65ecd82a8 16456->17331 16458 7ff65ecc8b6a __std_exception_destroy 16458->16235 16460 7ff65ecc90f5 16459->16460 17349 7ff65ecc8760 GetCurrentProcess OpenProcessToken 16460->17349 16463 7ff65ecc8760 7 API calls 16464 7ff65ecc9121 16463->16464 16465 7ff65ecc9154 16464->16465 16466 7ff65ecc913a 16464->16466 16467 7ff65ecc26b0 48 API calls 16465->16467 16468 7ff65ecc26b0 48 API calls 16466->16468 16470 7ff65ecc9167 LocalFree LocalFree 16467->16470 16469 7ff65ecc9152 16468->16469 16469->16470 16471 7ff65ecc9183 16470->16471 16473 7ff65ecc918f 16470->16473 17359 7ff65ecc2b50 16471->17359 16474 7ff65eccc5c0 
_log10_special 8 API calls 16473->16474 16475 7ff65ecc3c55 16474->16475 16475->16243 16476 7ff65ecc8850 16475->16476 16477 7ff65ecc8868 16476->16477 16478 7ff65ecc88ea GetTempPathW GetCurrentProcessId 16477->16478 16479 7ff65ecc888c 16477->16479 17368 7ff65ecc25c0 16478->17368 16481 7ff65ecc8a20 14 API calls 16479->16481 16482 7ff65ecc8898 16481->16482 17375 7ff65ecc81c0 16482->17375 16490 7ff65ecc8918 __std_exception_destroy 16495 7ff65ecc8955 __std_exception_destroy 16490->16495 17372 7ff65ecd8bd8 16490->17372 16494 7ff65eccc5c0 _log10_special 8 API calls 16496 7ff65ecc3cbb 16494->16496 16500 7ff65ecc9400 2 API calls 16495->16500 16508 7ff65ecc89c4 __std_exception_destroy 16495->16508 16496->16243 16496->16257 16501 7ff65ecc89a1 16500->16501 16502 7ff65ecc89a6 16501->16502 16503 7ff65ecc89d9 16501->16503 16504 7ff65ecc9400 2 API calls 16502->16504 16505 7ff65ecd82a8 38 API calls 16503->16505 16506 7ff65ecc89b6 16504->16506 16505->16508 16508->16494 16510 7ff65ecc9422 MultiByteToWideChar 16509->16510 16513 7ff65ecc9446 16509->16513 16512 7ff65ecc945c __std_exception_destroy 16510->16512 16510->16513 16511 7ff65ecc9463 MultiByteToWideChar 16511->16512 16512->16255 16513->16511 16513->16512 16520 7ff65ecc33ce __scrt_get_show_window_mode 16514->16520 16515 7ff65ecc35c7 16516 7ff65eccc5c0 _log10_special 8 API calls 16515->16516 16517 7ff65ecc3664 16516->16517 16517->16260 16533 7ff65ecc90c0 LocalFree 16517->16533 16519 7ff65ecc1c80 49 API calls 16519->16520 16520->16515 16520->16519 16524 7ff65ecc35c9 16520->16524 16526 7ff65ecc2a50 54 API calls 16520->16526 16528 7ff65ecc35e2 16520->16528 16531 7ff65ecc35d0 16520->16531 17646 7ff65ecc4550 16520->17646 17652 7ff65ecc7e10 16520->17652 17663 7ff65ecc1600 16520->17663 17711 7ff65ecc7110 16520->17711 17715 7ff65ecc4180 16520->17715 17759 7ff65ecc4440 16520->17759 16522 7ff65ecc2710 54 API calls 16522->16515 16527 7ff65ecc2710 54 API calls 16524->16527 16526->16520 16527->16515 16528->16522 16532 7ff65ecc2710 54 API calls 
16531->16532 16532->16515 16535 7ff65ecc1ca5 16534->16535 16536 7ff65ecd49f4 49 API calls 16535->16536 16537 7ff65ecc1cc8 16536->16537 16537->16194 16539 7ff65ecc9400 2 API calls 16538->16539 16540 7ff65ecc8ba4 16539->16540 16541 7ff65ecd82a8 38 API calls 16540->16541 16542 7ff65ecc8bb6 __std_exception_destroy 16541->16542 16542->16206 16544 7ff65ecc45bc 16543->16544 16545 7ff65ecc9400 2 API calls 16544->16545 16546 7ff65ecc45e4 16545->16546 16547 7ff65ecc9400 2 API calls 16546->16547 16548 7ff65ecc45f7 16547->16548 17942 7ff65ecd6004 16548->17942 16551 7ff65eccc5c0 _log10_special 8 API calls 16552 7ff65ecc392b 16551->16552 16552->16195 16553 7ff65ecc7f80 16552->16553 16554 7ff65ecc7fa4 16553->16554 16555 7ff65ecd0744 73 API calls 16554->16555 16560 7ff65ecc807b __std_exception_destroy 16554->16560 16556 7ff65ecc7fc0 16555->16556 16556->16560 18333 7ff65ecd7938 16556->18333 16558 7ff65ecd0744 73 API calls 16561 7ff65ecc7fd5 16558->16561 16559 7ff65ecd040c _fread_nolock 53 API calls 16559->16561 16560->16200 16561->16558 16561->16559 16561->16560 16563 7ff65ecd00ec 16562->16563 18348 7ff65eccfe98 16563->18348 16565 7ff65ecd0105 16565->16195 16567 7ff65eccc8c0 16566->16567 16568 7ff65ecc2734 GetCurrentProcessId 16567->16568 16569 7ff65ecc1c80 49 API calls 16568->16569 16570 7ff65ecc2787 16569->16570 16571 7ff65ecd49f4 49 API calls 16570->16571 16572 7ff65ecc27cf 16571->16572 16573 7ff65ecc2620 12 API calls 16572->16573 16574 7ff65ecc27f1 16573->16574 16575 7ff65eccc5c0 _log10_special 8 API calls 16574->16575 16576 7ff65ecc2801 16575->16576 16576->16260 16578 7ff65ecc1c80 49 API calls 16577->16578 16579 7ff65ecc44ed 16578->16579 16579->16238 16581 7ff65ecc1c80 49 API calls 16580->16581 16582 7ff65ecc4650 16581->16582 16582->16257 16584 7ff65ecc6dc5 16583->16584 16585 7ff65ecc3e6c 16584->16585 16586 7ff65ecd4f78 _get_daylight 11 API calls 16584->16586 16589 7ff65ecc7330 16585->16589 16587 7ff65ecc6dd2 16586->16587 16588 7ff65ecc2910 54 API calls 16587->16588 
16588->16585 18359 7ff65ecc1470 16589->18359 16591 7ff65ecc7358 16592 7ff65ecc4620 49 API calls 16591->16592 16602 7ff65ecc74a9 __std_exception_destroy 16591->16602 16593 7ff65ecc737a 16592->16593 18465 7ff65ecc6350 16657->18465 16660 7ff65ecc3399 16666 7ff65ecc3670 16660->16666 16667 7ff65ecc367e 16666->16667 16677 7ff65ecd54dc EnterCriticalSection 16670->16677 16679 7ff65ecc36bc GetModuleFileNameW 16678->16679 16679->16370 16679->16371 16681 7ff65ecc932f FindClose 16680->16681 16682 7ff65ecc9342 16680->16682 16681->16682 16683 7ff65eccc5c0 _log10_special 8 API calls 16682->16683 16684 7ff65ecc371a 16683->16684 16684->16375 16684->16376 16686 7ff65eccc8c0 16685->16686 16687 7ff65ecc2c70 GetCurrentProcessId 16686->16687 16716 7ff65ecc26b0 16687->16716 16689 7ff65ecc2cb9 16720 7ff65ecd4c48 16689->16720 16692 7ff65ecc26b0 48 API calls 16693 7ff65ecc2d34 FormatMessageW 16692->16693 16695 7ff65ecc2d7f MessageBoxW 16693->16695 16696 7ff65ecc2d6d 16693->16696 16698 7ff65eccc5c0 _log10_special 8 API calls 16695->16698 16697 7ff65ecc26b0 48 API calls 16696->16697 16697->16695 16699 7ff65ecc2daf 16698->16699 16699->16385 16701 7ff65ecc93b0 GetFinalPathNameByHandleW CloseHandle 16700->16701 16702 7ff65ecc3730 16700->16702 16701->16702 16702->16383 16702->16384 16704 7ff65ecc2834 16703->16704 16705 7ff65ecc26b0 48 API calls 16704->16705 16706 7ff65ecc2887 16705->16706 16707 7ff65ecd4c48 48 API calls 16706->16707 16708 7ff65ecc28d0 MessageBoxW 16707->16708 16709 7ff65eccc5c0 _log10_special 8 API calls 16708->16709 16710 7ff65ecc2900 16709->16710 16710->16385 16712 7ff65ecc9505 16711->16712 16713 7ff65ecc94da WideCharToMultiByte 16711->16713 16714 7ff65ecc9522 WideCharToMultiByte 16712->16714 16715 7ff65ecc951b __std_exception_destroy 16712->16715 16713->16712 16713->16715 16714->16715 16715->16382 16717 7ff65ecc26d5 16716->16717 16718 7ff65ecd4c48 48 API calls 16717->16718 16719 7ff65ecc26f8 16718->16719 16719->16689 16722 7ff65ecd4ca2 16720->16722 16721 7ff65ecd4cc7 16723 
7ff65ecda884 _invalid_parameter_noinfo 37 API calls 16721->16723 16722->16721 16724 7ff65ecd4d03 16722->16724 16726 7ff65ecd4cf1 16723->16726 16738 7ff65ecd3000 16724->16738 16728 7ff65eccc5c0 _log10_special 8 API calls 16726->16728 16730 7ff65ecc2d04 16728->16730 16729 7ff65ecda9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16729->16726 16730->16692 16731 7ff65ecd4de4 16731->16729 16732 7ff65ecd4db9 16734 7ff65ecda9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16732->16734 16733 7ff65ecd4e0a 16733->16731 16736 7ff65ecd4e14 16733->16736 16734->16726 16735 7ff65ecd4db0 16735->16731 16735->16732 16737 7ff65ecda9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16736->16737 16737->16726 16739 7ff65ecd303e 16738->16739 16744 7ff65ecd302e 16738->16744 16740 7ff65ecd3047 16739->16740 16745 7ff65ecd3075 16739->16745 16742 7ff65ecda884 _invalid_parameter_noinfo 37 API calls 16740->16742 16741 7ff65ecda884 _invalid_parameter_noinfo 37 API calls 16743 7ff65ecd306d 16741->16743 16742->16743 16743->16731 16743->16732 16743->16733 16743->16735 16744->16741 16745->16743 16745->16744 16749 7ff65ecd3a14 16745->16749 16782 7ff65ecd3460 16745->16782 16819 7ff65ecd2bf0 16745->16819 16750 7ff65ecd3a56 16749->16750 16751 7ff65ecd3ac7 16749->16751 16752 7ff65ecd3af1 16750->16752 16753 7ff65ecd3a5c 16750->16753 16754 7ff65ecd3b20 16751->16754 16755 7ff65ecd3acc 16751->16755 16842 7ff65ecd1dc4 16752->16842 16756 7ff65ecd3a90 16753->16756 16757 7ff65ecd3a61 16753->16757 16758 7ff65ecd3b2f 16754->16758 16760 7ff65ecd3b37 16754->16760 16764 7ff65ecd3b2a 16754->16764 16761 7ff65ecd3b01 16755->16761 16763 7ff65ecd3ace 16755->16763 16756->16758 16765 7ff65ecd3a67 16756->16765 16757->16760 16757->16765 16780 7ff65ecd3b60 16758->16780 16860 7ff65ecd21d4 16758->16860 16856 7ff65ecd471c 16760->16856 16849 7ff65ecd19b4 16761->16849 16762 7ff65ecd3a70 16762->16780 16822 7ff65ecd41c8 16762->16822 16763->16762 16771 7ff65ecd3add 16763->16771 
16764->16752 16764->16758 16765->16762 16769 7ff65ecd3aa2 16765->16769 16777 7ff65ecd3a8b 16765->16777 16769->16780 16832 7ff65ecd4504 16769->16832 16771->16752 16772 7ff65ecd3ae2 16771->16772 16772->16780 16838 7ff65ecd45c8 16772->16838 16774 7ff65eccc5c0 _log10_special 8 API calls 16776 7ff65ecd3e5a 16774->16776 16776->16745 16777->16780 16781 7ff65ecd3d4c 16777->16781 16867 7ff65ecd4830 16777->16867 16780->16774 16781->16780 16873 7ff65ecdea78 16781->16873 16783 7ff65ecd3484 16782->16783 16784 7ff65ecd346e 16782->16784 16785 7ff65ecd34c4 16783->16785 16788 7ff65ecda884 _invalid_parameter_noinfo 37 API calls 16783->16788 16784->16785 16786 7ff65ecd3a56 16784->16786 16787 7ff65ecd3ac7 16784->16787 16785->16745 16789 7ff65ecd3af1 16786->16789 16790 7ff65ecd3a5c 16786->16790 16791 7ff65ecd3b20 16787->16791 16792 7ff65ecd3acc 16787->16792 16788->16785 16796 7ff65ecd1dc4 38 API calls 16789->16796 16793 7ff65ecd3a90 16790->16793 16794 7ff65ecd3a61 16790->16794 16797 7ff65ecd3b37 16791->16797 16798 7ff65ecd3b2a 16791->16798 16800 7ff65ecd3b2f 16791->16800 16795 7ff65ecd3b01 16792->16795 16801 7ff65ecd3ace 16792->16801 16793->16800 16802 7ff65ecd3a67 16793->16802 16794->16797 16794->16802 16803 7ff65ecd19b4 38 API calls 16795->16803 16814 7ff65ecd3a8b 16796->16814 16799 7ff65ecd471c 45 API calls 16797->16799 16798->16789 16798->16800 16799->16814 16806 7ff65ecd21d4 38 API calls 16800->16806 16817 7ff65ecd3b60 16800->16817 16807 7ff65ecd3add 16801->16807 16808 7ff65ecd3a70 16801->16808 16805 7ff65ecd3aa2 16802->16805 16802->16808 16802->16814 16803->16814 16804 7ff65ecd41c8 47 API calls 16804->16814 16809 7ff65ecd4504 46 API calls 16805->16809 16805->16817 16806->16814 16807->16789 16810 7ff65ecd3ae2 16807->16810 16808->16804 16808->16817 16809->16814 16812 7ff65ecd45c8 37 API calls 16810->16812 16810->16817 16811 7ff65eccc5c0 _log10_special 8 API calls 16813 7ff65ecd3e5a 16811->16813 16812->16814 16813->16745 16815 7ff65ecd4830 45 API calls 16814->16815 16814->16817 
16818 7ff65ecd3d4c 16814->16818 16815->16818 16816 7ff65ecdea78 46 API calls 16816->16818 16817->16811 16818->16816 16818->16817 17074 7ff65ecd1038 16819->17074 16823 7ff65ecd41ee 16822->16823 16885 7ff65ecd0bf0 16823->16885 16828 7ff65ecd4830 45 API calls 16830 7ff65ecd4333 16828->16830 16829 7ff65ecd4830 45 API calls 16831 7ff65ecd43c1 16829->16831 16830->16829 16830->16830 16830->16831 16831->16777 16834 7ff65ecd4539 16832->16834 16833 7ff65ecd457e 16833->16777 16834->16833 16835 7ff65ecd4557 16834->16835 16837 7ff65ecd4830 45 API calls 16834->16837 16836 7ff65ecdea78 46 API calls 16835->16836 16836->16833 16837->16835 16840 7ff65ecd45e9 16838->16840 16839 7ff65ecda884 _invalid_parameter_noinfo 37 API calls 16841 7ff65ecd461a 16839->16841 16840->16839 16840->16841 16841->16777 16843 7ff65ecd1df7 16842->16843 16844 7ff65ecd1e26 16843->16844 16846 7ff65ecd1ee3 16843->16846 16848 7ff65ecd1e63 16844->16848 17028 7ff65ecd0c98 16844->17028 16847 7ff65ecda884 _invalid_parameter_noinfo 37 API calls 16846->16847 16847->16848 16848->16777 16850 7ff65ecd19e7 16849->16850 16851 7ff65ecd1a16 16850->16851 16853 7ff65ecd1ad3 16850->16853 16852 7ff65ecd0c98 12 API calls 16851->16852 16855 7ff65ecd1a53 16851->16855 16852->16855 16854 7ff65ecda884 _invalid_parameter_noinfo 37 API calls 16853->16854 16854->16855 16855->16777 16857 7ff65ecd475f 16856->16857 16859 7ff65ecd4763 __crtLCMapStringW 16857->16859 17036 7ff65ecd47b8 16857->17036 16859->16777 16861 7ff65ecd2207 16860->16861 16862 7ff65ecd2236 16861->16862 16865 7ff65ecd22f3 16861->16865 16863 7ff65ecd2273 16862->16863 16864 7ff65ecd0c98 12 API calls 16862->16864 16863->16777 16864->16863 16866 7ff65ecda884 _invalid_parameter_noinfo 37 API calls 16865->16866 16866->16863 16868 7ff65ecd4847 16867->16868 17040 7ff65ecdda28 16868->17040 16874 7ff65ecdeaa9 16873->16874 16883 7ff65ecdeab7 16873->16883 16875 7ff65ecdead7 16874->16875 16878 7ff65ecd4830 45 API calls 16874->16878 16874->16883 16876 7ff65ecdeb0f 16875->16876 16877 
7ff65ecdeae8 16875->16877 16880 7ff65ecdeb9a 16876->16880 16881 7ff65ecdeb39 16876->16881 16876->16883 17064 7ff65ece0110 16877->17064 16878->16875 16882 7ff65ecdf910 _fread_nolock MultiByteToWideChar 16880->16882 16881->16883 17067 7ff65ecdf910 16881->17067 16882->16883 16883->16781 16886 7ff65ecd0c16 16885->16886 16887 7ff65ecd0c27 16885->16887 16893 7ff65ecde5e0 16886->16893 16887->16886 16915 7ff65ecdd66c 16887->16915 16890 7ff65ecd0c68 16891 7ff65ecda9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16890->16891 16891->16886 16892 7ff65ecda9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16892->16890 16894 7ff65ecde630 16893->16894 16895 7ff65ecde5fd 16893->16895 16894->16895 16897 7ff65ecde662 16894->16897 16896 7ff65ecda884 _invalid_parameter_noinfo 37 API calls 16895->16896 16905 7ff65ecd4311 16896->16905 16902 7ff65ecde775 16897->16902 16910 7ff65ecde6aa 16897->16910 16898 7ff65ecde867 16955 7ff65ecddacc 16898->16955 16899 7ff65ecde82d 16948 7ff65ecdde64 16899->16948 16901 7ff65ecde7fc 16941 7ff65ecde144 16901->16941 16902->16898 16902->16899 16902->16901 16904 7ff65ecde7bf 16902->16904 16907 7ff65ecde7b5 16902->16907 16931 7ff65ecde374 16904->16931 16905->16828 16905->16830 16907->16899 16909 7ff65ecde7ba 16907->16909 16909->16901 16909->16904 16910->16905 16922 7ff65ecda514 16910->16922 16913 7ff65ecda970 _isindst 17 API calls 16914 7ff65ecde8c4 16913->16914 16916 7ff65ecdd6b7 16915->16916 16921 7ff65ecdd67b _get_daylight 16915->16921 16917 7ff65ecd4f78 _get_daylight 11 API calls 16916->16917 16919 7ff65ecd0c54 16917->16919 16918 7ff65ecdd69e HeapAlloc 16918->16919 16918->16921 16919->16890 16919->16892 16920 7ff65ece3600 _get_daylight 2 API calls 16920->16921 16921->16916 16921->16918 16921->16920 16923 7ff65ecda521 16922->16923 16924 7ff65ecda52b 16922->16924 16923->16924 16929 7ff65ecda546 16923->16929 16925 7ff65ecd4f78 _get_daylight 11 API calls 16924->16925 16926 7ff65ecda532 16925->16926 16928 7ff65ecda950 
_invalid_parameter_noinfo 37 API calls 16926->16928 16927 7ff65ecda53e 16927->16905 16927->16913 16928->16927 16929->16927 16930 7ff65ecd4f78 _get_daylight 11 API calls 16929->16930 16930->16926 16964 7ff65ece411c 16931->16964 16935 7ff65ecde41c 16936 7ff65ecde471 16935->16936 16938 7ff65ecde43c 16935->16938 16940 7ff65ecde420 16935->16940 17017 7ff65ecddf60 16936->17017 17013 7ff65ecde21c 16938->17013 16940->16905 16942 7ff65ece411c 38 API calls 16941->16942 16943 7ff65ecde18e 16942->16943 16944 7ff65ece3b64 37 API calls 16943->16944 16946 7ff65ecde1de 16944->16946 16945 7ff65ecde1e2 16945->16905 16946->16945 16947 7ff65ecde21c 45 API calls 16946->16947 16947->16945 16949 7ff65ece411c 38 API calls 16948->16949 16950 7ff65ecddeaf 16949->16950 16951 7ff65ece3b64 37 API calls 16950->16951 16952 7ff65ecddf07 16951->16952 16953 7ff65ecddf0b 16952->16953 16954 7ff65ecddf60 45 API calls 16952->16954 16953->16905 16954->16953 16956 7ff65ecddb44 16955->16956 16957 7ff65ecddb11 16955->16957 16959 7ff65ecddb5c 16956->16959 16961 7ff65ecddbdd 16956->16961 16958 7ff65ecda884 _invalid_parameter_noinfo 37 API calls 16957->16958 16963 7ff65ecddb3d __scrt_get_show_window_mode 16958->16963 16960 7ff65ecdde64 46 API calls 16959->16960 16960->16963 16962 7ff65ecd4830 45 API calls 16961->16962 16961->16963 16962->16963 16963->16905 16965 7ff65ece416f fegetenv 16964->16965 16966 7ff65ece7e9c 37 API calls 16965->16966 16969 7ff65ece41c2 16966->16969 16967 7ff65ece41ef 16971 7ff65ecda514 __std_exception_copy 37 API calls 16967->16971 16968 7ff65ece42b2 16970 7ff65ece7e9c 37 API calls 16968->16970 16969->16968 16974 7ff65ece428c 16969->16974 16975 7ff65ece41dd 16969->16975 16972 7ff65ece42dc 16970->16972 16973 7ff65ece426d 16971->16973 16976 7ff65ece7e9c 37 API calls 16972->16976 16978 7ff65ece5394 16973->16978 16983 7ff65ece4275 16973->16983 16979 7ff65ecda514 __std_exception_copy 37 API calls 16974->16979 16975->16967 16975->16968 16977 7ff65ece42ed 16976->16977 16980 7ff65ece8090 20 
API calls 16977->16980 16981 7ff65ecda970 _isindst 17 API calls 16978->16981 16979->16973 16991 7ff65ece4356 __scrt_get_show_window_mode 16980->16991 16982 7ff65ece53a9 16981->16982 16984 7ff65eccc5c0 _log10_special 8 API calls 16983->16984 16985 7ff65ecde3c1 16984->16985 17009 7ff65ece3b64 16985->17009 16986 7ff65ece46ff __scrt_get_show_window_mode 16987 7ff65ece4a3f 16988 7ff65ece3c80 37 API calls 16987->16988 16995 7ff65ece5157 16988->16995 16989 7ff65ece49eb 16989->16987 16992 7ff65ece53ac memcpy_s 37 API calls 16989->16992 16990 7ff65ece4397 memcpy_s 17002 7ff65ece4cdb memcpy_s __scrt_get_show_window_mode 16990->17002 17003 7ff65ece47f3 memcpy_s __scrt_get_show_window_mode 16990->17003 16991->16986 16991->16990 16993 7ff65ecd4f78 _get_daylight 11 API calls 16991->16993 16992->16987 16994 7ff65ece47d0 16993->16994 16996 7ff65ecda950 _invalid_parameter_noinfo 37 API calls 16994->16996 16997 7ff65ece53ac memcpy_s 37 API calls 16995->16997 17004 7ff65ece51b2 16995->17004 16996->16990 16997->17004 16998 7ff65ece5338 17001 7ff65ece7e9c 37 API calls 16998->17001 16999 7ff65ecd4f78 11 API calls _get_daylight 16999->17002 17000 7ff65ecd4f78 11 API calls _get_daylight 17000->17003 17001->16983 17002->16987 17002->16989 17002->16999 17008 7ff65ecda950 37 API calls _invalid_parameter_noinfo 17002->17008 17003->16989 17003->17000 17006 7ff65ecda950 37 API calls _invalid_parameter_noinfo 17003->17006 17004->16998 17005 7ff65ece3c80 37 API calls 17004->17005 17007 7ff65ece53ac memcpy_s 37 API calls 17004->17007 17005->17004 17006->17003 17007->17004 17008->17002 17010 7ff65ece3b83 17009->17010 17011 7ff65ecda884 _invalid_parameter_noinfo 37 API calls 17010->17011 17012 7ff65ece3bae memcpy_s 17010->17012 17011->17012 17012->16935 17014 7ff65ecde248 memcpy_s 17013->17014 17015 7ff65ecd4830 45 API calls 17014->17015 17016 7ff65ecde302 memcpy_s __scrt_get_show_window_mode 17014->17016 17015->17016 17016->16940 17018 7ff65ecddf9b 17017->17018 17020 7ff65ecddfe8 memcpy_s 
17017->17020 17019 7ff65ecda884 _invalid_parameter_noinfo 37 API calls 17018->17019 17021 7ff65ecddfc7 17019->17021 17022 7ff65ecde053 17020->17022 17024 7ff65ecd4830 45 API calls 17020->17024 17021->16940 17023 7ff65ecda514 __std_exception_copy 37 API calls 17022->17023 17027 7ff65ecde095 memcpy_s 17023->17027 17024->17022 17025 7ff65ecda970 _isindst 17 API calls 17026 7ff65ecde140 17025->17026 17027->17025 17029 7ff65ecd0cbe 17028->17029 17030 7ff65ecd0ccf 17028->17030 17029->16848 17030->17029 17031 7ff65ecdd66c _fread_nolock 12 API calls 17030->17031 17032 7ff65ecd0d00 17031->17032 17033 7ff65ecd0d14 17032->17033 17034 7ff65ecda9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17032->17034 17035 7ff65ecda9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17033->17035 17034->17033 17035->17029 17037 7ff65ecd47de 17036->17037 17038 7ff65ecd47d6 17036->17038 17037->16859 17039 7ff65ecd4830 45 API calls 17038->17039 17039->17037 17041 7ff65ecdda41 17040->17041 17043 7ff65ecd486f 17040->17043 17041->17043 17048 7ff65ece3374 17041->17048 17044 7ff65ecdda94 17043->17044 17045 7ff65ecddaad 17044->17045 17047 7ff65ecd487f 17044->17047 17045->17047 17061 7ff65ece26c0 17045->17061 17047->16781 17049 7ff65ecdb1c0 _CreateFrameInfo 45 API calls 17048->17049 17050 7ff65ece3383 17049->17050 17051 7ff65ece33ce 17050->17051 17060 7ff65ece0348 EnterCriticalSection 17050->17060 17051->17043 17062 7ff65ecdb1c0 _CreateFrameInfo 45 API calls 17061->17062 17063 7ff65ece26c9 17062->17063 17070 7ff65ece6df8 17064->17070 17069 7ff65ecdf919 MultiByteToWideChar 17067->17069 17073 7ff65ece6e5c 17070->17073 17071 7ff65eccc5c0 _log10_special 8 API calls 17072 7ff65ece012d 17071->17072 17072->16883 17073->17071 17075 7ff65ecd107f 17074->17075 17076 7ff65ecd106d 17074->17076 17079 7ff65ecd108d 17075->17079 17083 7ff65ecd10c9 17075->17083 17077 7ff65ecd4f78 _get_daylight 11 API calls 17076->17077 17078 7ff65ecd1072 17077->17078 17080 7ff65ecda950 
19135->19136 19136->19126 19138 7ff65ece111c 19137->19138 19139 7ff65ece10ff 19137->19139 19140 7ff65ecdec08 _get_daylight 11 API calls 19138->19140 19139->18995 19147 7ff65ece1140 19140->19147 19141 7ff65ece11c4 19143 7ff65ecda574 _CreateFrameInfo 45 API calls 19141->19143 19142 7ff65ece11a1 19145 7ff65ecda9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19142->19145 19144 7ff65ece11ca 19143->19144 19145->19139 19146 7ff65ecdec08 _get_daylight 11 API calls 19146->19147 19147->19141 19147->19142 19147->19146 19148 7ff65ecda9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19147->19148 19149 7ff65ece04e4 37 API calls 19147->19149 19150 7ff65ece11b0 19147->19150 19148->19147 19149->19147 19151 7ff65ecda970 _isindst 17 API calls 19150->19151 19151->19141 19153 7ff65ecd9785 19152->19153 19154 7ff65ecd977c 19152->19154 19153->19007 19153->19018 19154->19153 19508 7ff65ecd927c 19154->19508 19160 7ff65ece7069 19158->19160 19162 7ff65ece7096 19158->19162 19159 7ff65ece706e 19161 7ff65ecd4f78 _get_daylight 11 API calls 19159->19161 19160->19159 19160->19162 19164 7ff65ece7073 19161->19164 19163 7ff65ece70da 19162->19163 19166 7ff65ece70f9 19162->19166 19180 7ff65ece70ce __crtLCMapStringW 19162->19180 19165 7ff65ecd4f78 _get_daylight 11 API calls 19163->19165 19167 7ff65ecda950 _invalid_parameter_noinfo 37 API calls 19164->19167 19168 7ff65ece70df 19165->19168 19169 7ff65ece7103 19166->19169 19170 7ff65ece7115 19166->19170 19171 7ff65ece707e 19167->19171 19173 7ff65ecda950 _invalid_parameter_noinfo 37 API calls 19168->19173 19174 7ff65ecd4f78 _get_daylight 11 API calls 19169->19174 19172 7ff65ecd4fbc 45 API calls 19170->19172 19171->19017 19176 7ff65ece7122 19172->19176 19173->19180 19175 7ff65ece7108 19174->19175 19177 7ff65ecda950 _invalid_parameter_noinfo 37 API calls 19175->19177 19176->19180 19555 7ff65ece8b78 19176->19555 19177->19180 19180->19017 19181 7ff65ecd4f78 _get_daylight 11 API calls 19181->19180 19183 7ff65ecd9221 19182->19183 
19184 7ff65ecd921d 19182->19184 19205 7ff65ece2660 19183->19205 19184->19069 19197 7ff65ecd955c 19184->19197 19189 7ff65ecd9233 19191 7ff65ecda9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19189->19191 19190 7ff65ecd923f 19231 7ff65ecd92ec 19190->19231 19191->19184 19194 7ff65ecda9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19195 7ff65ecd9266 19194->19195 19196 7ff65ecda9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19195->19196 19196->19184 19198 7ff65ecd959e 19197->19198 19199 7ff65ecd9585 19197->19199 19198->19199 19200 7ff65ecdec08 _get_daylight 11 API calls 19198->19200 19201 7ff65ecd962e 19198->19201 19202 7ff65ece0858 WideCharToMultiByte 19198->19202 19204 7ff65ecda9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19198->19204 19199->19069 19200->19198 19203 7ff65ecda9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19201->19203 19202->19198 19203->19199 19204->19198 19206 7ff65ece266d 19205->19206 19207 7ff65ecd9226 19205->19207 19250 7ff65ecdb294 19206->19250 19211 7ff65ece299c GetEnvironmentStringsW 19207->19211 19212 7ff65ecd922b 19211->19212 19213 7ff65ece29cc 19211->19213 19212->19189 19212->19190 19214 7ff65ece0858 WideCharToMultiByte 19213->19214 19215 7ff65ece2a1d 19214->19215 19216 7ff65ece2a24 FreeEnvironmentStringsW 19215->19216 19217 7ff65ecdd66c _fread_nolock 12 API calls 19215->19217 19216->19212 19218 7ff65ece2a37 19217->19218 19219 7ff65ece2a3f 19218->19219 19220 7ff65ece2a48 19218->19220 19221 7ff65ecda9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19219->19221 19222 7ff65ece0858 WideCharToMultiByte 19220->19222 19223 7ff65ece2a46 19221->19223 19224 7ff65ece2a6b 19222->19224 19223->19216 19225 7ff65ece2a6f 19224->19225 19226 7ff65ece2a79 19224->19226 19227 7ff65ecda9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19225->19227 19228 7ff65ecda9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 
19226->19228 19229 7ff65ece2a77 FreeEnvironmentStringsW 19227->19229 19228->19229 19229->19212 19232 7ff65ecd9311 19231->19232 19233 7ff65ecdec08 _get_daylight 11 API calls 19232->19233 19244 7ff65ecd9347 19233->19244 19234 7ff65ecd934f 19235 7ff65ecda9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19234->19235 19236 7ff65ecd9247 19235->19236 19236->19194 19237 7ff65ecd93c2 19238 7ff65ecda9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19237->19238 19238->19236 19239 7ff65ecdec08 _get_daylight 11 API calls 19239->19244 19240 7ff65ecd93b1 19409 7ff65ecd9518 19240->19409 19241 7ff65ecda514 __std_exception_copy 37 API calls 19241->19244 19244->19234 19244->19237 19244->19239 19244->19240 19244->19241 19245 7ff65ecd93e7 19244->19245 19248 7ff65ecda9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19244->19248 19247 7ff65ecda970 _isindst 17 API calls 19245->19247 19246 7ff65ecda9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19246->19234 19249 7ff65ecd93fa 19247->19249 19248->19244 19251 7ff65ecdb2a5 FlsGetValue 19250->19251 19252 7ff65ecdb2c0 FlsSetValue 19250->19252 19253 7ff65ecdb2b2 19251->19253 19254 7ff65ecdb2ba 19251->19254 19252->19253 19255 7ff65ecdb2cd 19252->19255 19256 7ff65ecdb2b8 19253->19256 19257 7ff65ecda574 _CreateFrameInfo 45 API calls 19253->19257 19254->19252 19258 7ff65ecdec08 _get_daylight 11 API calls 19255->19258 19270 7ff65ece2334 19256->19270 19259 7ff65ecdb335 19257->19259 19260 7ff65ecdb2dc 19258->19260 19261 7ff65ecdb2fa FlsSetValue 19260->19261 19262 7ff65ecdb2ea FlsSetValue 19260->19262 19263 7ff65ecdb306 FlsSetValue 19261->19263 19264 7ff65ecdb318 19261->19264 19265 7ff65ecdb2f3 19262->19265 19263->19265 19266 7ff65ecdaf64 _get_daylight 11 API calls 19264->19266 19267 7ff65ecda9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19265->19267 19268 7ff65ecdb320 19266->19268 19267->19253 19269 7ff65ecda9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 
API calls 19268->19269 19269->19256 19293 7ff65ece25a4 19270->19293 19272 7ff65ece2369 19308 7ff65ece2034 19272->19308 19275 7ff65ece2386 19275->19207 19276 7ff65ecdd66c _fread_nolock 12 API calls 19277 7ff65ece2397 19276->19277 19278 7ff65ece239f 19277->19278 19280 7ff65ece23ae 19277->19280 19279 7ff65ecda9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19278->19279 19279->19275 19280->19280 19315 7ff65ece26dc 19280->19315 19283 7ff65ece24aa 19284 7ff65ecd4f78 _get_daylight 11 API calls 19283->19284 19285 7ff65ece24af 19284->19285 19288 7ff65ecda9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19285->19288 19286 7ff65ece2505 19287 7ff65ece256c 19286->19287 19326 7ff65ece1e64 19286->19326 19292 7ff65ecda9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19287->19292 19288->19275 19289 7ff65ece24c4 19289->19286 19290 7ff65ecda9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19289->19290 19290->19286 19292->19275 19294 7ff65ece25c7 19293->19294 19295 7ff65ece25d1 19294->19295 19341 7ff65ece0348 EnterCriticalSection 19294->19341 19297 7ff65ece2643 19295->19297 19299 7ff65ecda574 _CreateFrameInfo 45 API calls 19295->19299 19297->19272 19302 7ff65ece265b 19299->19302 19304 7ff65ece26b2 19302->19304 19305 7ff65ecdb294 50 API calls 19302->19305 19304->19272 19306 7ff65ece269c 19305->19306 19307 7ff65ece2334 65 API calls 19306->19307 19307->19304 19309 7ff65ecd4fbc 45 API calls 19308->19309 19310 7ff65ece2048 19309->19310 19311 7ff65ece2054 GetOEMCP 19310->19311 19312 7ff65ece2066 19310->19312 19314 7ff65ece207b 19311->19314 19313 7ff65ece206b GetACP 19312->19313 19312->19314 19313->19314 19314->19275 19314->19276 19316 7ff65ece2034 47 API calls 19315->19316 19317 7ff65ece2709 19316->19317 19318 7ff65ece285f 19317->19318 19320 7ff65ece2746 IsValidCodePage 19317->19320 19325 7ff65ece2760 __scrt_get_show_window_mode 19317->19325 19319 7ff65eccc5c0 _log10_special 8 API calls 19318->19319 19321 7ff65ece24a1 
19319->19321 19320->19318 19322 7ff65ece2757 19320->19322 19321->19283 19321->19289 19323 7ff65ece2786 GetCPInfo 19322->19323 19322->19325 19323->19318 19323->19325 19342 7ff65ece214c 19325->19342 19408 7ff65ece0348 EnterCriticalSection 19326->19408 19343 7ff65ece2189 GetCPInfo 19342->19343 19344 7ff65ece227f 19342->19344 19343->19344 19349 7ff65ece219c 19343->19349 19345 7ff65eccc5c0 _log10_special 8 API calls 19344->19345 19347 7ff65ece231e 19345->19347 19346 7ff65ece2eb0 48 API calls 19348 7ff65ece2213 19346->19348 19347->19318 19353 7ff65ece7bf4 19348->19353 19349->19346 19352 7ff65ece7bf4 54 API calls 19352->19344 19354 7ff65ecd4fbc 45 API calls 19353->19354 19355 7ff65ece7c19 19354->19355 19358 7ff65ece78c0 19355->19358 19359 7ff65ece7901 19358->19359 19360 7ff65ecdf910 _fread_nolock MultiByteToWideChar 19359->19360 19364 7ff65ece794b 19360->19364 19361 7ff65ece7bc9 19362 7ff65eccc5c0 _log10_special 8 API calls 19361->19362 19363 7ff65ece2246 19362->19363 19363->19352 19364->19361 19365 7ff65ecdd66c _fread_nolock 12 API calls 19364->19365 19366 7ff65ece7983 19364->19366 19377 7ff65ece7a81 19364->19377 19365->19366 19368 7ff65ecdf910 _fread_nolock MultiByteToWideChar 19366->19368 19366->19377 19367 7ff65ecda9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19367->19361 19369 7ff65ece79f6 19368->19369 19369->19377 19389 7ff65ecdf154 19369->19389 19372 7ff65ece7a92 19375 7ff65ecdd66c _fread_nolock 12 API calls 19372->19375 19376 7ff65ece7b64 19372->19376 19379 7ff65ece7ab0 19372->19379 19373 7ff65ece7a41 19374 7ff65ecdf154 __crtLCMapStringW 6 API calls 19373->19374 19373->19377 19374->19377 19375->19379 19376->19377 19378 7ff65ecda9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19376->19378 19377->19361 19377->19367 19378->19377 19379->19377 19380 7ff65ecdf154 __crtLCMapStringW 6 API calls 19379->19380 19381 7ff65ece7b30 19380->19381 19381->19376 19382 7ff65ece7b50 19381->19382 19383 7ff65ece7b66 19381->19383 19384 7ff65ece0858 
WideCharToMultiByte 19382->19384 19385 7ff65ece0858 WideCharToMultiByte 19383->19385 19386 7ff65ece7b5e 19384->19386 19385->19386 19386->19376 19387 7ff65ece7b7e 19386->19387 19387->19377 19388 7ff65ecda9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19387->19388 19388->19377 19395 7ff65ecded80 19389->19395 19392 7ff65ecdf19a 19392->19372 19392->19373 19392->19377 19394 7ff65ecdf203 LCMapStringW 19394->19392 19396 7ff65ecdeddd 19395->19396 19403 7ff65ecdedd8 __vcrt_FlsAlloc 19395->19403 19396->19392 19405 7ff65ecdf240 19396->19405 19397 7ff65ecdee0d LoadLibraryExW 19399 7ff65ecdeee2 19397->19399 19400 7ff65ecdee32 GetLastError 19397->19400 19398 7ff65ecdef02 GetProcAddress 19398->19396 19402 7ff65ecdef13 19398->19402 19399->19398 19401 7ff65ecdeef9 FreeLibrary 19399->19401 19400->19403 19401->19398 19402->19396 19403->19396 19403->19397 19403->19398 19404 7ff65ecdee6c LoadLibraryExW 19403->19404 19404->19399 19404->19403 19406 7ff65ecded80 __crtLCMapStringW 5 API calls 19405->19406 19407 7ff65ecdf26e __crtLCMapStringW 19406->19407 19407->19394 19413 7ff65ecd93b9 19409->19413 19414 7ff65ecd951d 19409->19414 19410 7ff65ecd9546 19412 7ff65ecda9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19410->19412 19411 7ff65ecda9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19411->19414 19412->19413 19413->19246 19414->19410 19414->19411 19416 7ff65ece6331 19415->19416 19417 7ff65ece6348 19415->19417 19418 7ff65ecd4f78 _get_daylight 11 API calls 19416->19418 19417->19416 19420 7ff65ece6356 19417->19420 19419 7ff65ece6336 19418->19419 19421 7ff65ecda950 _invalid_parameter_noinfo 37 API calls 19419->19421 19422 7ff65ecd4fbc 45 API calls 19420->19422 19423 7ff65ece6341 19420->19423 19421->19423 19422->19423 19423->19104 19425 7ff65ecd4fbc 45 API calls 19424->19425 19426 7ff65ece8fe1 19425->19426 19429 7ff65ece8c38 19426->19429 19431 7ff65ece8c86 19429->19431 19430 7ff65eccc5c0 _log10_special 8 API calls 19432 7ff65ece7275 
19430->19432 19433 7ff65ece8d0d 19431->19433 19435 7ff65ece8cf8 GetCPInfo 19431->19435 19439 7ff65ece8d11 19431->19439 19432->19104 19432->19108 19434 7ff65ecdf910 _fread_nolock MultiByteToWideChar 19433->19434 19433->19439 19436 7ff65ece8da5 19434->19436 19435->19433 19435->19439 19437 7ff65ecdd66c _fread_nolock 12 API calls 19436->19437 19438 7ff65ece8ddc 19436->19438 19436->19439 19437->19438 19438->19439 19440 7ff65ecdf910 _fread_nolock MultiByteToWideChar 19438->19440 19439->19430 19441 7ff65ece8e4a 19440->19441 19442 7ff65ece8f2c 19441->19442 19443 7ff65ecdf910 _fread_nolock MultiByteToWideChar 19441->19443 19442->19439 19444 7ff65ecda9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19442->19444 19445 7ff65ece8e70 19443->19445 19444->19439 19445->19442 19446 7ff65ecdd66c _fread_nolock 12 API calls 19445->19446 19447 7ff65ece8e9d 19445->19447 19446->19447 19447->19442 19448 7ff65ecdf910 _fread_nolock MultiByteToWideChar 19447->19448 19449 7ff65ece8f14 19448->19449 19450 7ff65ece8f34 19449->19450 19451 7ff65ece8f1a 19449->19451 19458 7ff65ecdefd8 19450->19458 19451->19442 19453 7ff65ecda9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19451->19453 19453->19442 19455 7ff65ece8f73 19455->19439 19457 7ff65ecda9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19455->19457 19456 7ff65ecda9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19456->19455 19457->19439 19459 7ff65ecded80 __crtLCMapStringW 5 API calls 19458->19459 19460 7ff65ecdf016 19459->19460 19461 7ff65ecdf240 __crtLCMapStringW 5 API calls 19460->19461 19462 7ff65ecdf01e 19460->19462 19463 7ff65ecdf087 CompareStringW 19461->19463 19462->19455 19462->19456 19463->19462 19465 7ff65ece7cb1 19464->19465 19466 7ff65ece7cca HeapSize 19464->19466 19467 7ff65ecd4f78 _get_daylight 11 API calls 19465->19467 19468 7ff65ece7cb6 19467->19468 19469 7ff65ecda950 _invalid_parameter_noinfo 37 API calls 19468->19469 19470 7ff65ece7cc1 19469->19470 
19470->19112 19472 7ff65ece7d03 19471->19472 19473 7ff65ece7cf9 19471->19473 19475 7ff65ece7d08 19472->19475 19481 7ff65ece7d0f _get_daylight 19472->19481 19474 7ff65ecdd66c _fread_nolock 12 API calls 19473->19474 19479 7ff65ece7d01 19474->19479 19476 7ff65ecda9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19475->19476 19476->19479 19477 7ff65ece7d42 HeapReAlloc 19477->19479 19477->19481 19478 7ff65ece7d15 19480 7ff65ecd4f78 _get_daylight 11 API calls 19478->19480 19479->19117 19480->19479 19481->19477 19481->19478 19482 7ff65ece3600 _get_daylight 2 API calls 19481->19482 19482->19481 19484 7ff65ecded80 __crtLCMapStringW 5 API calls 19483->19484 19485 7ff65ecdefb4 19484->19485 19485->19122 19487 7ff65ecd556a 19486->19487 19488 7ff65ecd5546 19486->19488 19489 7ff65ecd55c4 19487->19489 19492 7ff65ecd556f 19487->19492 19491 7ff65ecda9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19488->19491 19507 7ff65ecd5555 19488->19507 19490 7ff65ecdf910 _fread_nolock MultiByteToWideChar 19489->19490 19501 7ff65ecd55e0 19490->19501 19491->19507 19493 7ff65ecd5584 19492->19493 19495 7ff65ecda9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19492->19495 19492->19507 19496 7ff65ecdd66c _fread_nolock 12 API calls 19493->19496 19494 7ff65ecd55e7 GetLastError 19497 7ff65ecd4eec _fread_nolock 11 API calls 19494->19497 19495->19493 19496->19507 19500 7ff65ecd55f4 19497->19500 19498 7ff65ecd5622 19499 7ff65ecdf910 _fread_nolock MultiByteToWideChar 19498->19499 19498->19507 19504 7ff65ecd5666 19499->19504 19505 7ff65ecd4f78 _get_daylight 11 API calls 19500->19505 19501->19494 19501->19498 19502 7ff65ecd5615 19501->19502 19506 7ff65ecda9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19501->19506 19503 7ff65ecdd66c _fread_nolock 12 API calls 19502->19503 19503->19498 19504->19494 19504->19507 19505->19507 19506->19502 19507->19125 19507->19126 19509 7ff65ecd9295 19508->19509 19516 7ff65ecd9291 19508->19516 19529 
7ff65ece2aac GetEnvironmentStringsW 19509->19529 19512 7ff65ecd92a2 19514 7ff65ecda9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19512->19514 19513 7ff65ecd92ae 19536 7ff65ecd93fc 19513->19536 19514->19516 19516->19153 19521 7ff65ecd963c 19516->19521 19518 7ff65ecda9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19519 7ff65ecd92d5 19518->19519 19520 7ff65ecda9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19519->19520 19520->19516 19522 7ff65ecd965f 19521->19522 19527 7ff65ecd9676 19521->19527 19522->19153 19523 7ff65ecdec08 _get_daylight 11 API calls 19523->19527 19524 7ff65ecd96ea 19526 7ff65ecda9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19524->19526 19525 7ff65ecdf910 MultiByteToWideChar _fread_nolock 19525->19527 19526->19522 19527->19522 19527->19523 19527->19524 19527->19525 19528 7ff65ecda9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19527->19528 19528->19527 19530 7ff65ecd929a 19529->19530 19531 7ff65ece2ad0 19529->19531 19530->19512 19530->19513 19532 7ff65ecdd66c _fread_nolock 12 API calls 19531->19532 19533 7ff65ece2b07 memcpy_s 19532->19533 19534 7ff65ecda9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19533->19534 19535 7ff65ece2b27 FreeEnvironmentStringsW 19534->19535 19535->19530 19537 7ff65ecd9424 19536->19537 19538 7ff65ecdec08 _get_daylight 11 API calls 19537->19538 19545 7ff65ecd945f 19538->19545 19539 7ff65ecda9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19540 7ff65ecd92b6 19539->19540 19540->19518 19541 7ff65ecd94e1 19542 7ff65ecda9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19541->19542 19542->19540 19543 7ff65ecdec08 _get_daylight 11 API calls 19543->19545 19544 7ff65ecd94d0 19546 7ff65ecd9518 11 API calls 19544->19546 19545->19541 19545->19543 19545->19544 19547 7ff65ece04e4 37 API calls 19545->19547 19550 7ff65ecd9504 19545->19550 19551 7ff65ecd9467 19545->19551 19553 7ff65ecda9b8 
Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19545->19553 19548 7ff65ecd94d8 19546->19548 19547->19545 19549 7ff65ecda9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19548->19549 19549->19551 19552 7ff65ecda970 _isindst 17 API calls 19550->19552 19551->19539 19554 7ff65ecd9516 19552->19554 19553->19545 19556 7ff65ece8ba1 __crtLCMapStringW 19555->19556 19557 7ff65ecdefd8 6 API calls 19556->19557 19558 7ff65ece715e 19556->19558 19557->19558 19558->19180 19558->19181 20648 7ff65eceae6e 20649 7ff65eceae7d 20648->20649 20650 7ff65eceae87 20648->20650 20652 7ff65ece03a8 LeaveCriticalSection 20649->20652 19856 7ff65eceadd9 19859 7ff65ecd54e8 LeaveCriticalSection 19856->19859

[Figure: Control-flow Graph, control_flow_graph 0, first block 7ff65ecc8bd0-7ff65ecc8d16; legend: Executed / Not Executed]
Memory Dump Source
• Source File: 00000000.00000002.2242448247.00007FF65ECC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65ECC0000, based on PE: true
• Associated: 00000000.00000002.2242428063.00007FF65ECC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2242477133.00007FF65ECEB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2242507825.00007FF65ECFE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2242507825.00007FF65ED02000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2242546307.00007FF65ED04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff65ecc0000_WVuXCNNYG0.jbxd
Similarity
• API ID: Message$ErrorLast$ObjectProcessSingleWait$CloseCreateHandlePeekWindow_invalid_parameter_noinfo$ByteCharClassCodeCommandConsoleCtrlCurrentDestroyDispatchExitFormatHandlerInfoLineMultiRegisterStartupTerminateTranslateWide
• String ID: CreateProcessW$Failed to create child process!$PyInstaller Onefile Hidden Window$PyInstallerOnefileHiddenWindow
• API String ID: 3832162212-3165540532
• Opcode ID: f1b4a1f9842ac9cce6b2798ee34386867a7882a0850fd65476f94626d3f01840
• Instruction ID: 151280e04d2e4fe7cf24738130690c3e46922dcc6f057cd49fedf6491b54a2a3
• Opcode Fuzzy Hash: f1b4a1f9842ac9cce6b2798ee34386867a7882a0850fd65476f94626d3f01840
• Instruction Fuzzy Hash: 09D15272A08A8386EF21CF34E9552BA6771FB64758F480135FA6DA2694DF3CD5498700

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2242448247.00007FF65ECC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65ECC0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242428063.00007FF65ECC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242477133.00007FF65ECEB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242507825.00007FF65ECFE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242507825.00007FF65ED02000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242546307.00007FF65ED04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff65ecc0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ErrorFileLastModuleName
                                                                                                                                                                                                  • String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to load splash screen resources!$Failed to remove temporary directory: %s$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$Invalid value in _PYI_PARENT_PROCESS_LEVEL: %s$MEI$PYINSTALLER_RESET_ENVIRONMENT$PYINSTALLER_STRICT_UNPACK_MODE$PYINSTALLER_SUPPRESS_SPLASH_SCREEN$Path exceeds PYI_PATH_MAX limit.$Py_GIL_DISABLED$VCRUNTIME140.dll$_PYI_APPLICATION_HOME_DIR$_PYI_APPLICATION_HOME_DIR not set for onefile child process!$_PYI_ARCHIVE_FILE$_PYI_PARENT_PROCESS_LEVEL$_PYI_SPLASH_IPC$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-python-flag$pyi-runtime-tmpdir
                                                                                                                                                                                                  • API String ID: 2776309574-4232158417
                                                                                                                                                                                                  • Opcode ID: 5f06764772134f708f81e1d90a55aaa5f7394f12393b91087867cae74afd4342
                                                                                                                                                                                                  • Instruction ID: 43969c868a5e1b2d749d571da23a0ecd1c6ba631bfea6dcb16152c0a11fbed10
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5f06764772134f708f81e1d90a55aaa5f7394f12393b91087867cae74afd4342
                                                                                                                                                                                                  • Instruction Fuzzy Hash: E5328EA1B08A8391FF29D729A7552B96671AF64780F4C4072FA7DE32D2DF2CE559C300

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF65ECE5CB5
                                                                                                                                                                                                    • Part of subcall function 00007FF65ECE5608: _invalid_parameter_noinfo.LIBCMT ref: 00007FF65ECE561C
                                                                                                                                                                                                    • Part of subcall function 00007FF65ECDA9B8: RtlFreeHeap.NTDLL(?,?,?,00007FF65ECE2D92,?,?,?,00007FF65ECE2DCF,?,?,00000000,00007FF65ECE3295,?,?,?,00007FF65ECE31C7), ref: 00007FF65ECDA9CE
                                                                                                                                                                                                    • Part of subcall function 00007FF65ECDA9B8: GetLastError.KERNEL32(?,?,?,00007FF65ECE2D92,?,?,?,00007FF65ECE2DCF,?,?,00000000,00007FF65ECE3295,?,?,?,00007FF65ECE31C7), ref: 00007FF65ECDA9D8
                                                                                                                                                                                                    • Part of subcall function 00007FF65ECDA970: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF65ECDA94F,?,?,?,?,?,00007FF65ECDA83A), ref: 00007FF65ECDA979
                                                                                                                                                                                                    • Part of subcall function 00007FF65ECDA970: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF65ECDA94F,?,?,?,?,?,00007FF65ECDA83A), ref: 00007FF65ECDA99E
                                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF65ECE5CA4
                                                                                                                                                                                                    • Part of subcall function 00007FF65ECE5668: _invalid_parameter_noinfo.LIBCMT ref: 00007FF65ECE567C
                                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF65ECE5F1A
                                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF65ECE5F2B
                                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF65ECE5F3C
                                                                                                                                                                                                  • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF65ECE617C), ref: 00007FF65ECE5F63
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2242448247.00007FF65ECC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65ECC0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242428063.00007FF65ECC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242477133.00007FF65ECEB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242507825.00007FF65ECFE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242507825.00007FF65ED02000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242546307.00007FF65ED04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff65ecc0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                                                                                                                                                  • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                  • API String ID: 4070488512-239921721
                                                                                                                                                                                                  • Opcode ID: 76424cc0ec02945f4fd2ccc640ea60475aa997d4131cc6c9dd67359800dfdabb
                                                                                                                                                                                                  • Instruction ID: f947cb3e41662ddecd0dcb4e22a747622b4ef042897eca97425167d780672eba
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 76424cc0ec02945f4fd2ccc640ea60475aa997d4131cc6c9dd67359800dfdabb
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4FD1CFA6E18A438AEF21DF2196421B96771EB64784F4C8135FA6DE7785EF3CE4418340

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2242448247.00007FF65ECC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65ECC0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242428063.00007FF65ECC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242477133.00007FF65ECEB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242507825.00007FF65ECFE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242507825.00007FF65ED02000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242546307.00007FF65ED04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff65ecc0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1617910340-0
                                                                                                                                                                                                  • Opcode ID: 4205a6958293653b93a25a06bf68436f7b6b11ca03fe036e6858b65a4e3d069e
                                                                                                                                                                                                  • Instruction ID: f65902381ac4e5de7ccbe7c35c8468f03e4d63ad9a31be002471a4829200b871
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4205a6958293653b93a25a06bf68436f7b6b11ca03fe036e6858b65a4e3d069e
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1EC1C176B28E4285EF11CF65C6912AC3771F759BA8B095235EE2EAB794CF38E115C300

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • FindFirstFileW.KERNELBASE(?,00007FF65ECC8B09,00007FF65ECC3FA5), ref: 00007FF65ECC841B
                                                                                                                                                                                                  • RemoveDirectoryW.KERNEL32(?,00007FF65ECC8B09,00007FF65ECC3FA5), ref: 00007FF65ECC849E
                                                                                                                                                                                                  • DeleteFileW.KERNELBASE(?,00007FF65ECC8B09,00007FF65ECC3FA5), ref: 00007FF65ECC84BD
                                                                                                                                                                                                  • FindNextFileW.KERNELBASE(?,00007FF65ECC8B09,00007FF65ECC3FA5), ref: 00007FF65ECC84CB
                                                                                                                                                                                                  • FindClose.KERNEL32(?,00007FF65ECC8B09,00007FF65ECC3FA5), ref: 00007FF65ECC84DC
                                                                                                                                                                                                  • RemoveDirectoryW.KERNELBASE(?,00007FF65ECC8B09,00007FF65ECC3FA5), ref: 00007FF65ECC84E5
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2242448247.00007FF65ECC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65ECC0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242428063.00007FF65ECC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242477133.00007FF65ECEB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242507825.00007FF65ECFE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242507825.00007FF65ED02000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242546307.00007FF65ED04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff65ecc0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: FileFind$DirectoryRemove$CloseDeleteFirstNext
                                                                                                                                                                                                  • String ID: %s\*
                                                                                                                                                                                                  • API String ID: 1057558799-766152087

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF65ECE5F1A
                                                                                                                                                                                                    • Part of subcall function 00007FF65ECE5668: _invalid_parameter_noinfo.LIBCMT ref: 00007FF65ECE567C
                                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF65ECE5F2B
                                                                                                                                                                                                    • Part of subcall function 00007FF65ECE5608: _invalid_parameter_noinfo.LIBCMT ref: 00007FF65ECE561C
                                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF65ECE5F3C
                                                                                                                                                                                                    • Part of subcall function 00007FF65ECE5638: _invalid_parameter_noinfo.LIBCMT ref: 00007FF65ECE564C
                                                                                                                                                                                                    • Part of subcall function 00007FF65ECDA9B8: RtlFreeHeap.NTDLL(?,?,?,00007FF65ECE2D92,?,?,?,00007FF65ECE2DCF,?,?,00000000,00007FF65ECE3295,?,?,?,00007FF65ECE31C7), ref: 00007FF65ECDA9CE
                                                                                                                                                                                                    • Part of subcall function 00007FF65ECDA9B8: GetLastError.KERNEL32(?,?,?,00007FF65ECE2D92,?,?,?,00007FF65ECE2DCF,?,?,00000000,00007FF65ECE3295,?,?,?,00007FF65ECE31C7), ref: 00007FF65ECDA9D8
                                                                                                                                                                                                  • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF65ECE617C), ref: 00007FF65ECE5F63
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                                  • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                  • API String ID: 3458911817-239921721
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Find$CloseFileFirst
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2295610775-0
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CurrentFeaturePresentProcessProcessor
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1010374628-0

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                    • Part of subcall function 00007FF65ECC7F80: _fread_nolock.LIBCMT ref: 00007FF65ECC802A
                                                                                                                                                                                                  • _fread_nolock.LIBCMT ref: 00007FF65ECC1A1B
                                                                                                                                                                                                    • Part of subcall function 00007FF65ECC2910: GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF65ECC1B6A), ref: 00007FF65ECC295E
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _fread_nolock$CurrentProcess
                                                                                                                                                                                                  • String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
                                                                                                                                                                                                  • API String ID: 2397952137-3497178890
                                                                                                                                                                                                  • Opcode ID: ec026736a1cabb0f7ef6b5c1934254d4a8a5e9b6eedc37d057a3adc814f85b90
                                                                                                                                                                                                  • Instruction ID: 929f51746523591a2510865eb2ed85071744bb010aab8c3c771f2a2593933fff
                                                                                                                                                                                                  • Opcode Fuzzy Hash: ec026736a1cabb0f7ef6b5c1934254d4a8a5e9b6eedc37d057a3adc814f85b90
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 46819DB1B08B8285EF21DB25D2452B923B1BF68784F484431FABDE7795DE3CE5458B40

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2242448247.00007FF65ECC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65ECC0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242428063.00007FF65ECC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242477133.00007FF65ECEB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242507825.00007FF65ECFE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242507825.00007FF65ED02000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242546307.00007FF65ED04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff65ecc0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CurrentProcess
                                                                                                                                                                                                  • String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                                                                                                                                                  • API String ID: 2050909247-1550345328
                                                                                                                                                                                                  • Opcode ID: bc3b6ad1d72ad9a9067b3a27b155e00267b771eeaeabf2a6be8fdbbb9eca8f82
                                                                                                                                                                                                  • Instruction ID: 77dcc3a9b309b76f4ff951eeb1b41c03a3af3f7a471a8682d2691421020d3e33
                                                                                                                                                                                                  • Opcode Fuzzy Hash: bc3b6ad1d72ad9a9067b3a27b155e00267b771eeaeabf2a6be8fdbbb9eca8f82
                                                                                                                                                                                                  • Instruction Fuzzy Hash: FB51BCA1B08B4382EE21AB1297011B963B1BF60794F884531FE7DE7792DF3CE5498340

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetTempPathW.KERNEL32(?,?,00000000,00007FF65ECC3CBB), ref: 00007FF65ECC88F4
                                                                                                                                                                                                  • GetCurrentProcessId.KERNEL32(?,00000000,00007FF65ECC3CBB), ref: 00007FF65ECC88FA
                                                                                                                                                                                                  • CreateDirectoryW.KERNELBASE(?,00000000,00007FF65ECC3CBB), ref: 00007FF65ECC893C
                                                                                                                                                                                                    • Part of subcall function 00007FF65ECC8A20: GetEnvironmentVariableW.KERNEL32(00007FF65ECC388E), ref: 00007FF65ECC8A57
                                                                                                                                                                                                    • Part of subcall function 00007FF65ECC8A20: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF65ECC8A79
                                                                                                                                                                                                    • Part of subcall function 00007FF65ECD82A8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF65ECD82C1
                                                                                                                                                                                                    • Part of subcall function 00007FF65ECC2810: MessageBoxW.USER32 ref: 00007FF65ECC28EA
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2242448247.00007FF65ECC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65ECC0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242428063.00007FF65ECC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242477133.00007FF65ECEB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242507825.00007FF65ECFE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242507825.00007FF65ED02000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242546307.00007FF65ED04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff65ecc0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Environment$CreateCurrentDirectoryExpandMessagePathProcessStringsTempVariable_invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID: LOADER: failed to set the TMP environment variable.$LOADER: length of teporary directory path exceeds maximum path length!$TMP$TMP$_MEI%d
                                                                                                                                                                                                  • API String ID: 3563477958-1339014028
                                                                                                                                                                                                  • Opcode ID: 4e349524156a31c65ddba45994ef87c37bf84ce1b0e485ec316371ea64373d4f
                                                                                                                                                                                                  • Instruction ID: ef824b61ec78667e088c909ceafc685c4208252dab4998442dd55bded66f8364
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4e349524156a31c65ddba45994ef87c37bf84ce1b0e485ec316371ea64373d4f
                                                                                                                                                                                                  • Instruction Fuzzy Hash: E441B592B19A8344FE20EB65AB521BA12B1AFA5780F4C0071FD3DE7796DE3CE5058341

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2242448247.00007FF65ECC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65ECC0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242428063.00007FF65ECC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242477133.00007FF65ECEB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242507825.00007FF65ECFE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242507825.00007FF65ED02000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242546307.00007FF65ED04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff65ecc0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CurrentProcess
                                                                                                                                                                                                  • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                                  • API String ID: 2050909247-2813020118
                                                                                                                                                                                                  • Opcode ID: 5203fde90a14cfca52878d148793ed0f56fa2f4a03ba52266beea290f2c18543
                                                                                                                                                                                                  • Instruction ID: 41f5454696b4cffb508ba4e9afa29550ba4d18c327019ea728e52e928f080bb8
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5203fde90a14cfca52878d148793ed0f56fa2f4a03ba52266beea290f2c18543
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1251E5A2B08A8241EE209B12A6403BA62B1FF65794F8C4531FE7DE77D5DE3CE506C700

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • FreeLibrary.KERNEL32(?,?,?,00007FF65ECDF11A,?,?,-00000018,00007FF65ECDADC3,?,?,?,00007FF65ECDACBA,?,?,?,00007FF65ECD5FAE), ref: 00007FF65ECDEEFC
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,?,?,00007FF65ECDF11A,?,?,-00000018,00007FF65ECDADC3,?,?,?,00007FF65ECDACBA,?,?,?,00007FF65ECD5FAE), ref: 00007FF65ECDEF08
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2242448247.00007FF65ECC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65ECC0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242428063.00007FF65ECC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242477133.00007FF65ECEB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242507825.00007FF65ECFE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242507825.00007FF65ED02000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242546307.00007FF65ED04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff65ecc0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                  • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                  • API String ID: 3013587201-537541572
                                                                                                                                                                                                  • Opcode ID: 2820b76ab0802fc58bac5aaef12ed6f6fffcf0c29b30edae647068643d5e49cf
                                                                                                                                                                                                  • Instruction ID: c353148946bac5f6cbbebb02a502053f6f4cd20515f548a4be0ec76bfd0da29e
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2820b76ab0802fc58bac5aaef12ed6f6fffcf0c29b30edae647068643d5e49cf
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8C4124A5B18A4249FF16CB129B0067522B6BF66B90F4C4135FC3DE7784EE3DE4058300

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetModuleFileNameW.KERNEL32(?,00007FF65ECC3804), ref: 00007FF65ECC36E1
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00007FF65ECC3804), ref: 00007FF65ECC36EB
                                                                                                                                                                                                    • Part of subcall function 00007FF65ECC2C50: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF65ECC3706,?,00007FF65ECC3804), ref: 00007FF65ECC2C9E
                                                                                                                                                                                                    • Part of subcall function 00007FF65ECC2C50: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF65ECC3706,?,00007FF65ECC3804), ref: 00007FF65ECC2D63
                                                                                                                                                                                                    • Part of subcall function 00007FF65ECC2C50: MessageBoxW.USER32 ref: 00007FF65ECC2D99
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2242448247.00007FF65ECC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65ECC0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242428063.00007FF65ECC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242477133.00007FF65ECEB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242507825.00007FF65ECFE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242507825.00007FF65ED02000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242546307.00007FF65ED04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff65ecc0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Message$CurrentErrorFileFormatLastModuleNameProcess
                                                                                                                                                                                                  • String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
                                                                                                                                                                                                  • API String ID: 3187769757-2863816727
                                                                                                                                                                                                  • Opcode ID: 6d8fde842cedad8fbf80b9c4aa3ce336361ac9392ce2c79ae57a11131fda94fc
                                                                                                                                                                                                  • Instruction ID: 6d2e8c091353f36d817bd43efc6ebd2822fa7618beedaf39cd3fd8e895b8e721
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6d8fde842cedad8fbf80b9c4aa3ce336361ac9392ce2c79ae57a11131fda94fc
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1C2162E1F18A8381FE219724EB153B62271BFA8354F884132F97EE66D5EE2CE545C700

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2242448247.00007FF65ECC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65ECC0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242428063.00007FF65ECC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242477133.00007FF65ECEB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242507825.00007FF65ECFE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242507825.00007FF65ED02000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242546307.00007FF65ED04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff65ecc0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                  • Opcode ID: 71330427dde7a49afb2283bb308656113f98e0c66a4f806cd66398b14c9322eb
                                                                                                                                                                                                  • Instruction ID: a71439093bbdd0e472669109d2e04037a3c0ab8fb730e24a11d2a0be1ecc10d5
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 71330427dde7a49afb2283bb308656113f98e0c66a4f806cd66398b14c9322eb
                                                                                                                                                                                                  • Instruction Fuzzy Hash: E5C105AA94C6C741EF209B1583402BD67B6FBA1B80F5D0131FA6EA7795CF7EE8458300

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2242448247.00007FF65ECC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65ECC0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242428063.00007FF65ECC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242477133.00007FF65ECEB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242507825.00007FF65ECFE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242507825.00007FF65ED02000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242546307.00007FF65ED04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff65ecc0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 995526605-0
                                                                                                                                                                                                  • Opcode ID: ccba17952e233d5b695068aab9421341a55ed3ebff0a2a14ee99ad80d8ea5500
                                                                                                                                                                                                  • Instruction ID: 96230f349bee962d87834677ede1aecfcf775b81da9192df0a075c5a91471dc5
                                                                                                                                                                                                  • Opcode Fuzzy Hash: ccba17952e233d5b695068aab9421341a55ed3ebff0a2a14ee99ad80d8ea5500
                                                                                                                                                                                                  • Instruction Fuzzy Hash: CA2153A2B0CB4342EF209B55B65423AA3B1FB957A0F180235F67D93AE5DF6CE4448700

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                    • Part of subcall function 00007FF65ECC8760: GetCurrentProcess.KERNEL32 ref: 00007FF65ECC8780
                                                                                                                                                                                                    • Part of subcall function 00007FF65ECC8760: OpenProcessToken.ADVAPI32 ref: 00007FF65ECC8793
                                                                                                                                                                                                    • Part of subcall function 00007FF65ECC8760: GetTokenInformation.KERNELBASE ref: 00007FF65ECC87B8
                                                                                                                                                                                                    • Part of subcall function 00007FF65ECC8760: GetLastError.KERNEL32 ref: 00007FF65ECC87C2
                                                                                                                                                                                                    • Part of subcall function 00007FF65ECC8760: GetTokenInformation.KERNELBASE ref: 00007FF65ECC8802
                                                                                                                                                                                                    • Part of subcall function 00007FF65ECC8760: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF65ECC881E
                                                                                                                                                                                                    • Part of subcall function 00007FF65ECC8760: CloseHandle.KERNEL32 ref: 00007FF65ECC8836
                                                                                                                                                                                                  • LocalFree.KERNEL32(?,00007FF65ECC3C55), ref: 00007FF65ECC916C
                                                                                                                                                                                                  • LocalFree.KERNEL32(?,00007FF65ECC3C55), ref: 00007FF65ECC9175
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2242448247.00007FF65ECC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65ECC0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242428063.00007FF65ECC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242477133.00007FF65ECEB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242507825.00007FF65ECFE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242507825.00007FF65ED02000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242546307.00007FF65ED04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff65ecc0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Token$FreeInformationLocalProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                  • String ID: D:(A;;FA;;;%s)$D:(A;;FA;;;%s)(A;;FA;;;%s)$S-1-3-4$Security descriptor string length exceeds PYI_PATH_MAX!
                                                                                                                                                                                                  • API String ID: 6828938-1529539262
                                                                                                                                                                                                  • Opcode ID: 3eb7115bd34229e0b110e4578eeeb93c66e7230f7a251aed45e8d0dbb8b27e08
                                                                                                                                                                                                  • Instruction ID: 29a44f9c6edf5aa6475ad02c05c7068f3de68df55b4b8ec79ebbe1cf14e701ea
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3eb7115bd34229e0b110e4578eeeb93c66e7230f7a251aed45e8d0dbb8b27e08
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 89214FA1B08B8281EE159B20E6162EA6271FFA8780F494035FA6EA7796DF3CD545C740
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • CreateDirectoryW.KERNELBASE(00000000,?,00007FF65ECC352C,?,00000000,00007FF65ECC3F23), ref: 00007FF65ECC7F22
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2242448247.00007FF65ECC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65ECC0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242428063.00007FF65ECC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242477133.00007FF65ECEB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242507825.00007FF65ECFE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242507825.00007FF65ED02000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242546307.00007FF65ED04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff65ecc0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CreateDirectory
                                                                                                                                                                                                  • String ID: %.*s$%s%c$\
                                                                                                                                                                                                  • API String ID: 4241100979-1685191245
                                                                                                                                                                                                  • Opcode ID: 8ca7fb79b4ea6b2c566bb37e9ebd00ba932afb87f6e77ad964f7d4209dd14296
                                                                                                                                                                                                  • Instruction ID: 732dc7d434914dea7db5392a3c1ae562b3c5341a17027f3c792e940e0039b441
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8ca7fb79b4ea6b2c566bb37e9ebd00ba932afb87f6e77ad964f7d4209dd14296
                                                                                                                                                                                                  • Instruction Fuzzy Hash: E131D8A2719AC185EF218721A5507AA6374EFA8BE0F081231FE7D97BC9DE2CD6418700
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF65ECDCFBB), ref: 00007FF65ECDD0EC
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF65ECDCFBB), ref: 00007FF65ECDD177
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2242448247.00007FF65ECC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65ECC0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242428063.00007FF65ECC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242477133.00007FF65ECEB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242507825.00007FF65ECFE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242507825.00007FF65ED02000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242546307.00007FF65ED04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff65ecc0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ConsoleErrorLastMode
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 953036326-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2242448247.00007FF65ECC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65ECC0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242428063.00007FF65ECC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242477133.00007FF65ECEB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242507825.00007FF65ECFE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242507825.00007FF65ED02000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242546307.00007FF65ED04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff65ecc0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _get_daylight$_isindst
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 4170891091-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2242448247.00007FF65ECC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65ECC0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242428063.00007FF65ECC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242477133.00007FF65ECEB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242507825.00007FF65ECFE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242507825.00007FF65ED02000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242546307.00007FF65ED04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff65ecc0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2780335769-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2242448247.00007FF65ECC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65ECC0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242428063.00007FF65ECC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242477133.00007FF65ECEB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242507825.00007FF65ECFE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242507825.00007FF65ED02000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242546307.00007FF65ED04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff65ecc0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1279662727-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2242448247.00007FF65ECC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65ECC0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242428063.00007FF65ECC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242477133.00007FF65ECEB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242507825.00007FF65ECFE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242507825.00007FF65ED02000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242546307.00007FF65ED04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff65ecc0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3251591375-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2242448247.00007FF65ECC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65ECC0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242428063.00007FF65ECC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242477133.00007FF65ECEB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242507825.00007FF65ECFE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242507825.00007FF65ED02000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242546307.00007FF65ED04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff65ecc0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1703294689-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2242448247.00007FF65ECC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65ECC0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242428063.00007FF65ECC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242477133.00007FF65ECEB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242507825.00007FF65ECFE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242507825.00007FF65ED02000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242546307.00007FF65ED04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff65ecc0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                  • Opcode ID: e80cfa20b6c7ebf2f27a6dba6ddb06cb01cda21135ba71ef9e2cf3b7629ca058
                                                                                                                                                                                                  • Instruction ID: 36f0bc054f6267295b555d5fcdc6fe191cbf0d323f08f58db8a90b31b9a3b902
                                                                                                                                                                                                  • Opcode Fuzzy Hash: e80cfa20b6c7ebf2f27a6dba6ddb06cb01cda21135ba71ef9e2cf3b7629ca058
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 33513AA9A496C246EF249D29970267A66A2FF64BA4F4C4730FD7CA37C5CF3DD4018600
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2242448247.00007FF65ECC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65ECC0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242428063.00007FF65ECC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242477133.00007FF65ECEB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242507825.00007FF65ECFE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242507825.00007FF65ED02000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242546307.00007FF65ED04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff65ecc0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ErrorFileLastPointer
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2976181284-0
                                                                                                                                                                                                  • Opcode ID: fe8bab274ce7bcf2293d1df97f88808174c3604892bb54168c1d2d59b6616a84
                                                                                                                                                                                                  • Instruction ID: bb4baffcf72ddceaeb8a9e44499c5d075d0ae05d39480c3c2350cc8435e43700
                                                                                                                                                                                                  • Opcode Fuzzy Hash: fe8bab274ce7bcf2293d1df97f88808174c3604892bb54168c1d2d59b6616a84
                                                                                                                                                                                                  • Instruction Fuzzy Hash: EB11C1A6618A9281DF208B25AA04169B372BB95BF4F584331FE7D9B7E9CE3DD0158700
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF65ECD58A9), ref: 00007FF65ECD59C7
                                                                                                                                                                                                  • SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF65ECD58A9), ref: 00007FF65ECD59DD
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2242448247.00007FF65ECC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65ECC0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Time$System$FileLocalSpecific
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1707611234-0
                                                                                                                                                                                                  • Opcode ID: 3eb82881f56b5e10c0b4ae1229c4961d4f4fc58e8f6ff53d00dfea58f30bf4d5
                                                                                                                                                                                                  • Instruction ID: 1db505229da81276d196d4caa1141e9919ce6260a7715064d23c07427d2a09c5
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3eb82881f56b5e10c0b4ae1229c4961d4f4fc58e8f6ff53d00dfea58f30bf4d5
                                                                                                                                                                                                  • Instruction Fuzzy Hash: BA118FA2A5C69282EF648B10A64117AB7B0FB94771F540236FAFDD1AD8EF7DD014DB00
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • RtlFreeHeap.NTDLL(?,?,?,00007FF65ECE2D92,?,?,?,00007FF65ECE2DCF,?,?,00000000,00007FF65ECE3295,?,?,?,00007FF65ECE31C7), ref: 00007FF65ECDA9CE
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00007FF65ECE2D92,?,?,?,00007FF65ECE2DCF,?,?,00000000,00007FF65ECE3295,?,?,?,00007FF65ECE31C7), ref: 00007FF65ECDA9D8
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2242448247.00007FF65ECC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65ECC0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 485612231-0
                                                                                                                                                                                                  • Opcode ID: 4768bb9444967098c6ff0662bce39d003f3d6bed11959a3c87c06bce48e858a7
                                                                                                                                                                                                  • Instruction ID: 4058e15ab50f726d01340860b04fdbcb6098253c23f4a865c8cba763a970e331
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4768bb9444967098c6ff0662bce39d003f3d6bed11959a3c87c06bce48e858a7
                                                                                                                                                                                                  • Instruction Fuzzy Hash: A3E04F94E4964352FF15ABB2574613812716FA8741B0C0530E93DE63A1EE2DE9858200
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • CloseHandle.KERNELBASE(?,?,?,00007FF65ECDAA45,?,?,00000000,00007FF65ECDAAFA), ref: 00007FF65ECDAC36
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00007FF65ECDAA45,?,?,00000000,00007FF65ECDAAFA), ref: 00007FF65ECDAC40
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2242448247.00007FF65ECC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65ECC0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CloseErrorHandleLast
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 918212764-0
                                                                                                                                                                                                  • Opcode ID: 1c4273fb4a414bd16749861b25ace672462e960675883ae7dbf138385109c950
                                                                                                                                                                                                  • Instruction ID: aae8fb7dbadc3ae151fcab947e0d02a4986a6ba2d53f0b43a45c8ea81540286f
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1c4273fb4a414bd16749861b25ace672462e960675883ae7dbf138385109c950
                                                                                                                                                                                                  • Instruction Fuzzy Hash: D221A4A5F5C6C242EFA49761975127952B29FA47B0F0C4235FA3EE73C2CE6EE4458300
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2242448247.00007FF65ECC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65ECC0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                  • Opcode ID: 77f2f9c0c3853e5df4dc99a11e1b25eaa2aec769d06f52d5773e5caefc843251
                                                                                                                                                                                                  • Instruction ID: 6f6a9a7ad56ce4bbb8c874bc2adf7f8c0a5069ae89ad28dfea04c64a198de6b7
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 77f2f9c0c3853e5df4dc99a11e1b25eaa2aec769d06f52d5773e5caefc843251
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2B41F5BA94828587EF349B19A74027973B1EB65B40F181135FAAED36D1CF2EF402CB51
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2242448247.00007FF65ECC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65ECC0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _fread_nolock
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 840049012-0
                                                                                                                                                                                                  • Opcode ID: 7d2ffc6bbc79ae5a2c74bce1da3196692eb5c07e0d710da80585856a36faa807
                                                                                                                                                                                                  • Instruction ID: 66989f0b49e6579b6ece946873a0fc13e40dedff6ea0b9ea09095e2eeb56669c
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7d2ffc6bbc79ae5a2c74bce1da3196692eb5c07e0d710da80585856a36faa807
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 022180A3B4869285EE10DA2267057BB9661BF55BD4F8C4470FE7DAB786CE3DE0418600
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2242448247.00007FF65ECC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65ECC0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242428063.00007FF65ECC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242477133.00007FF65ECEB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242507825.00007FF65ECFE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242507825.00007FF65ED02000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242546307.00007FF65ED04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff65ecc0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: HandleModule$AddressFreeLibraryProc
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3947729631-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • HeapAlloc.KERNEL32(?,?,00000000,00007FF65ECDB39A,?,?,?,00007FF65ECD4F81,?,?,?,?,00007FF65ECDA4FA), ref: 00007FF65ECDEC5D
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2242448247.00007FF65ECC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65ECC0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242428063.00007FF65ECC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242477133.00007FF65ECEB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242507825.00007FF65ECFE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242507825.00007FF65ED02000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242546307.00007FF65ED04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff65ecc0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: AllocHeap
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 4292702814-0
                                                                                                                                                                                                  • Opcode ID: 359dceec71bad03d682dc04f56d48d79ef81111e86adbc932549883800f831e6
                                                                                                                                                                                                  • Instruction ID: b063416324b665f8fb9b5a9038d8e86f0888eaaa52a1a831160a6e290600c086
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 359dceec71bad03d682dc04f56d48d79ef81111e86adbc932549883800f831e6
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 15F0C2C8F8968748FF556B6247522B512B05FE6B80F0C4534ED2EEA3D1DE2EF4804210
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • HeapAlloc.KERNEL32(?,?,?,00007FF65ECD0D00,?,?,?,00007FF65ECD236A,?,?,?,?,?,00007FF65ECD3B59), ref: 00007FF65ECDD6AA
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2242448247.00007FF65ECC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65ECC0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242428063.00007FF65ECC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242477133.00007FF65ECEB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242507825.00007FF65ECFE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242507825.00007FF65ED02000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242546307.00007FF65ED04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff65ecc0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: AllocHeap
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 4292702814-0
                                                                                                                                                                                                  • Opcode ID: 5ab6faa5eb5c52a79f6ef15f458d67d4847db3a002ac7bba2a3205d093894568
                                                                                                                                                                                                  • Instruction ID: d12fb1c99b6d7dda4cfeb84d8bdc257d455b6e18950a6f17571d051140cc2ebb
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5ab6faa5eb5c52a79f6ef15f458d67d4847db3a002ac7bba2a3205d093894568
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3DF017C8E8938244FF6566A15B0227C1AB05F647A0F0D0B30F93EE56D5DE2EE4818550
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00007FF65ECC64BF,?,00007FF65ECC336E), ref: 00007FF65ECC5830
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00007FF65ECC64BF,?,00007FF65ECC336E), ref: 00007FF65ECC5842
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00007FF65ECC64BF,?,00007FF65ECC336E), ref: 00007FF65ECC5879
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00007FF65ECC64BF,?,00007FF65ECC336E), ref: 00007FF65ECC588B
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00007FF65ECC64BF,?,00007FF65ECC336E), ref: 00007FF65ECC58A4
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00007FF65ECC64BF,?,00007FF65ECC336E), ref: 00007FF65ECC58B6
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00007FF65ECC64BF,?,00007FF65ECC336E), ref: 00007FF65ECC58CF
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00007FF65ECC64BF,?,00007FF65ECC336E), ref: 00007FF65ECC58E1
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00007FF65ECC64BF,?,00007FF65ECC336E), ref: 00007FF65ECC58FD
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00007FF65ECC64BF,?,00007FF65ECC336E), ref: 00007FF65ECC590F
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00007FF65ECC64BF,?,00007FF65ECC336E), ref: 00007FF65ECC592B
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00007FF65ECC64BF,?,00007FF65ECC336E), ref: 00007FF65ECC593D
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00007FF65ECC64BF,?,00007FF65ECC336E), ref: 00007FF65ECC5959
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00007FF65ECC64BF,?,00007FF65ECC336E), ref: 00007FF65ECC596B
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00007FF65ECC64BF,?,00007FF65ECC336E), ref: 00007FF65ECC5987
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00007FF65ECC64BF,?,00007FF65ECC336E), ref: 00007FF65ECC5999
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00007FF65ECC64BF,?,00007FF65ECC336E), ref: 00007FF65ECC59B5
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00007FF65ECC64BF,?,00007FF65ECC336E), ref: 00007FF65ECC59C7
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2242448247.00007FF65ECC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65ECC0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242428063.00007FF65ECC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242477133.00007FF65ECEB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242507825.00007FF65ECFE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242507825.00007FF65ED02000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242546307.00007FF65ED04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff65ecc0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: AddressErrorLastProc
                                                                                                                                                                                                  • String ID: Failed to get address for %hs$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
                                                                                                                                                                                                  • API String ID: 199729137-653951865
                                                                                                                                                                                                  • Opcode ID: 3ca4f2c8e8fa74ff45c561f9825c8e8d27386d4e804e1314c270c66bff6859f6
                                                                                                                                                                                                  • Instruction ID: 4d715328e2dc7f0dd149f45cb63a8be0e88bff69447188431795b155d9bd3edd
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3ca4f2c8e8fa74ff45c561f9825c8e8d27386d4e804e1314c270c66bff6859f6
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0722A2E4A49F4792FE26DB55AB265B823B1AF24745F4C1535F87EA2260FF3CF1488240
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2242448247.00007FF65ECC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65ECC0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242428063.00007FF65ECC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242477133.00007FF65ECEB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242507825.00007FF65ECFE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242507825.00007FF65ED02000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242546307.00007FF65ED04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff65ecc0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
                                                                                                                                                                                                  • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                  • API String ID: 808467561-2761157908
                                                                                                                                                                                                  • Opcode ID: 5eb30dd7dc62229e37aa5031b27090d50e2656cb9eae334aa241f26caa9cb01e
                                                                                                                                                                                                  • Instruction ID: 0d15cf8c192c0243ea852974f75a406daa2856c9842ac44357743e0f132ec5e5
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5eb30dd7dc62229e37aa5031b27090d50e2656cb9eae334aa241f26caa9cb01e
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 94B2DAB2E186834BEB668E64D6417FD77B1FB64344F485135EA2DA7A84DF38E900CB40
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2242448247.00007FF65ECC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65ECC0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242428063.00007FF65ECC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242477133.00007FF65ECEB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242507825.00007FF65ECFE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242507825.00007FF65ED02000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242546307.00007FF65ED04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff65ecc0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: invalid bit length repeat$invalid code -- missing end-of-block$invalid code lengths set$invalid distance code$invalid distance too far back$invalid distances set$invalid literal/length code$invalid literal/lengths set$too many length or distance symbols
                                                                                                                                                                                                  • API String ID: 0-2665694366
                                                                                                                                                                                                  • Opcode ID: 183baba8c618070380c74d0f680cff30a06716a401d1faaba0935d79222a4dc0
                                                                                                                                                                                                  • Instruction ID: da89ff251177168284052cbbb6e1dea41cbfa25632935c01de6a380314763fd7
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 183baba8c618070380c74d0f680cff30a06716a401d1faaba0935d79222a4dc0
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8552A4B2B146A68BDBA48F14D658B7D3BBAEB54340F094139E66E97780DF3CD844CB40
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2242448247.00007FF65ECC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65ECC0000, based on PE: true
                                                                                                                                                                                                   • Associated: 00000000.00000002.2242428063.00007FF65ECC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2242477133.00007FF65ECEB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2242507825.00007FF65ECFE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2242507825.00007FF65ED02000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2242546307.00007FF65ED04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff65ecc0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3140674995-0
                                                                                                                                                                                                  • Opcode ID: e81d7d82d421bb6c6595da19fcb57285cd54aee8b88ef40036ddb2a35706c3b0
                                                                                                                                                                                                  • Instruction ID: 6470d91265fd09e9cdce301be1d2ca4f052eec2502409712438344af2533ae7d
                                                                                                                                                                                                  • Opcode Fuzzy Hash: e81d7d82d421bb6c6595da19fcb57285cd54aee8b88ef40036ddb2a35706c3b0
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4D3141B2609B8285EB618F60E8413EE7371FB94704F084039EA5D97B95DF38D548C710
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2242448247.00007FF65ECC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65ECC0000, based on PE: true
                                                                                                                                                                                                   • Associated: 00000000.00000002.2242428063.00007FF65ECC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2242477133.00007FF65ECEB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2242507825.00007FF65ECFE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2242507825.00007FF65ED02000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2242546307.00007FF65ED04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff65ecc0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1239891234-0
                                                                                                                                                                                                  • Opcode ID: 823e7cd4caae9fc37a1281b2c5c5551f9de180c5e8ac7c275112a8c84bbfd9bf
                                                                                                                                                                                                  • Instruction ID: 740475aa619eb30684644246d1cc931a8fddb8fc5656c04daa801ab4b8492b0c
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 823e7cd4caae9fc37a1281b2c5c5551f9de180c5e8ac7c275112a8c84bbfd9bf
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4C317E76A08F8286DB208B25E9412AE73B0FB98754F580135FAAD97B54EF3CC545CB00
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2242448247.00007FF65ECC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65ECC0000, based on PE: true
                                                                                                                                                                                                   • Associated: 00000000.00000002.2242428063.00007FF65ECC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2242477133.00007FF65ECEB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2242507825.00007FF65ECFE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2242507825.00007FF65ED02000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2242546307.00007FF65ED04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff65ecc0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2227656907-0
                                                                                                                                                                                                  • Opcode ID: 5fde642f47360a120b3bbdc49a752417dcdc94f7dd720a243365bab1f94d45be
                                                                                                                                                                                                  • Instruction ID: 55dbca6376e39851edc5a1ebdc7f732f1105d0547b115019e0c0d222c8664dcc
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5fde642f47360a120b3bbdc49a752417dcdc94f7dd720a243365bab1f94d45be
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 09B1C9A6B18B9341EF629B2196021B96371EB64BE4F4C5131FD6DABBC5DE3CE451C300
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2242448247.00007FF65ECC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65ECC0000, based on PE: true
                                                                                                                                                                                                   • Associated: 00000000.00000002.2242428063.00007FF65ECC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2242477133.00007FF65ECEB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2242507825.00007FF65ECFE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2242507825.00007FF65ED02000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2242546307.00007FF65ED04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff65ecc0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2933794660-0
                                                                                                                                                                                                  • Opcode ID: c7e0dc91749b0d7e19b464317103f3c41f17e8dff95374d43b780ecdfe6bf67b
                                                                                                                                                                                                  • Instruction ID: 2b59f17f7ae3a1c284d26e0bf2ac4ff8191d285a1ed327e065519db080792e37
                                                                                                                                                                                                  • Opcode Fuzzy Hash: c7e0dc91749b0d7e19b464317103f3c41f17e8dff95374d43b780ecdfe6bf67b
                                                                                                                                                                                                  • Instruction Fuzzy Hash: C7114562B14F068AEF00CB60E9452B933B4FB29768F081E31EA3D967A4DF3CD5588340
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2242448247.00007FF65ECC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65ECC0000, based on PE: true
                                                                                                                                                                                                   • Associated: 00000000.00000002.2242428063.00007FF65ECC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2242477133.00007FF65ECEB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2242507825.00007FF65ECFE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2242507825.00007FF65ED02000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2242546307.00007FF65ED04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff65ecc0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: memcpy_s
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1502251526-0
                                                                                                                                                                                                  • Opcode ID: 723df14fe8405c9280d13974b9e0b256372cd2939c4def8ecbac686ef57d643c
                                                                                                                                                                                                  • Instruction ID: fa7c66687431f70a688e15510f7fd1dfa23361b4203eb47e9bcb12f785036c2f
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 723df14fe8405c9280d13974b9e0b256372cd2939c4def8ecbac686ef57d643c
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2FC1E6B2B18A8687DB25CF19A14567AB7A1F7A4784F488134EB5E93744DF3DF900CB40
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2242448247.00007FF65ECC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65ECC0000, based on PE: true
                                                                                                                                                                                                   • Associated: 00000000.00000002.2242428063.00007FF65ECC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2242477133.00007FF65ECEB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2242507825.00007FF65ECFE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2242507825.00007FF65ED02000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2242546307.00007FF65ED04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff65ecc0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: $header crc mismatch$unknown header flags set
                                                                                                                                                                                                  • API String ID: 0-1127688429
                                                                                                                                                                                                  • Opcode ID: 41de47797cb66f1826093f4b1d60416fd99d26d25a53ce6bfd127eaa39bdfb5e
                                                                                                                                                                                                  • Instruction ID: 076abea46bf2d4c44eb62df5474297f2e5f56c82aeaeb8edbd88d72f0c5b4402
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 41de47797cb66f1826093f4b1d60416fd99d26d25a53ce6bfd127eaa39bdfb5e
                                                                                                                                                                                                  • Instruction Fuzzy Hash: B3F162B2F243958BEB958B14818CA3A7AB9EF54744F094538EA7EA7790CF38D941C740
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2242448247.00007FF65ECC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65ECC0000, based on PE: true
                                                                                                                                                                                                   • Associated: 00000000.00000002.2242428063.00007FF65ECC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2242477133.00007FF65ECEB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2242507825.00007FF65ECFE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2242507825.00007FF65ED02000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                   • Associated: 00000000.00000002.2242546307.00007FF65ED04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff65ecc0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ExceptionRaise_clrfp
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 15204871-0
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2242448247.00007FF65ECC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65ECC0000, based on PE: true
• Associated: 00000000.00000002.2242428063.00007FF65ECC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2242477133.00007FF65ECEB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2242507825.00007FF65ECFE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2242507825.00007FF65ED02000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2242546307.00007FF65ED04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff65ecc0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: $
                                                                                                                                                                                                  • API String ID: 0-227171996
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: incorrect header check$invalid window size
                                                                                                                                                                                                  • API String ID: 0-900081337
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: e+000$gfff
                                                                                                                                                                                                  • API String ID: 0-3030954782
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: gfffffff
                                                                                                                                                                                                  • API String ID: 0-1523873471
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID: TMP
                                                                                                                                                                                                  • API String ID: 3215553584-3125297090
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: HeapProcess
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 54951025-0
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 5f2a1199bc68cddcf3b08423a19983f3afdde0c7e054ddf4c3f66946da216a90
                                                                                                                                                                                                  • Instruction ID: a78144ced97420ae091bb23325df0cfdc099607e22c1224190e60c542c81a424
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5f2a1199bc68cddcf3b08423a19983f3afdde0c7e054ddf4c3f66946da216a90
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 25D1B7EAA4868245EF688A2D875023D23B0FB65B58F1D4235EE2DA76D4DF3BD855C300
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2242448247.00007FF65ECC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65ECC0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242428063.00007FF65ECC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242477133.00007FF65ECEB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242507825.00007FF65ECFE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242507825.00007FF65ED02000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242546307.00007FF65ED04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff65ecc0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 069bb313382d3adaff5ac451a95cb3dd74dda88d5dd80987c9f0d361d468a953
                                                                                                                                                                                                  • Instruction ID: 2518f2eb0ceecc42af5eee4a41df846bdd1e8aeb2bbe391f2a09c26bc94894ed
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 069bb313382d3adaff5ac451a95cb3dd74dda88d5dd80987c9f0d361d468a953
                                                                                                                                                                                                  • Instruction Fuzzy Hash: E6C1AF762181E08BD289EB29E4694BA73E1F78930DB99406BEF97477C5CB3CE414DB10
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2242448247.00007FF65ECC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65ECC0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242428063.00007FF65ECC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242477133.00007FF65ECEB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242507825.00007FF65ECFE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242507825.00007FF65ED02000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242546307.00007FF65ED04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff65ecc0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 2617fd8e8f043c0917c6a56c5cabdca8b91b1cd744d59a3c82f21f331bc63c74
                                                                                                                                                                                                  • Instruction ID: 7f9eac505bc69dfd5bff286afaa30c2670e58437f2a8d1d49dd22cd6198351c1
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2617fd8e8f043c0917c6a56c5cabdca8b91b1cd744d59a3c82f21f331bc63c74
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 31B1C0BA9487D185EB69CF29C24023C3BB0E76AB48F2C2135EA5E97395CF3AD441C700
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2242448247.00007FF65ECC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65ECC0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242428063.00007FF65ECC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242477133.00007FF65ECEB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242507825.00007FF65ECFE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242507825.00007FF65ED02000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242546307.00007FF65ED04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff65ecc0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 73948b09e9837a821f5a3b4bbb106c60bdc2a86aaa707f45330964650836ebfe
                                                                                                                                                                                                  • Instruction ID: 656f4cbf16419f8b61e35045ace24e14eda4202c0984aae6d164b4f92273da8a
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 73948b09e9837a821f5a3b4bbb106c60bdc2a86aaa707f45330964650836ebfe
                                                                                                                                                                                                  • Instruction Fuzzy Hash: DF8116B6E4C7C14ADBB4CB19974037A7AA1FB56794F084235EAAD93B85DF3ED4008B00
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2242448247.00007FF65ECC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65ECC0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                  • Opcode ID: b78332369169aed8be6dd13cc6d08ed8a401c1151d3c5d6e5b3c154adaf735d2
                                                                                                                                                                                                  • Instruction ID: 64ed68cca1fc08dceabb8a71f16f99bab6a5f332916638b4052aade1d2af9d47
                                                                                                                                                                                                  • Opcode Fuzzy Hash: b78332369169aed8be6dd13cc6d08ed8a401c1151d3c5d6e5b3c154adaf735d2
                                                                                                                                                                                                  • Instruction Fuzzy Hash: C261F8F2F3999346FF669A28820663D65A4AF60370F1C0239F63DE66D5DE7DE8008700
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2242448247.00007FF65ECC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65ECC0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242428063.00007FF65ECC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242477133.00007FF65ECEB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242507825.00007FF65ECFE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242507825.00007FF65ED02000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242546307.00007FF65ED04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff65ecc0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 27099d1c67046ba5536a5c52bb1b19252402c8bb4a5167aa336477e7b6d5f807
                                                                                                                                                                                                  • Instruction ID: adbcf032e725a585b7c6612ea7523d9879f62ea80e63d5cccbdd5c5b1d6d6745
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 27099d1c67046ba5536a5c52bb1b19252402c8bb4a5167aa336477e7b6d5f807
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 81519BBAA5879181EB248B29D34423873B5EB64B58F2C4135EE5DA7794CF3BE843C740
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2242448247.00007FF65ECC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65ECC0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242428063.00007FF65ECC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242477133.00007FF65ECEB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242507825.00007FF65ECFE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242507825.00007FF65ED02000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242546307.00007FF65ED04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff65ecc0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 8e69dfdcc94a0aa650623f7423aa354004c1f2fa01d5c1268249020d4c21f447
                                                                                                                                                                                                  • Instruction ID: eeb78636bc657544d0ccef8ed0e521b942c14b86a09c98c86b45fd94c406f3d7
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8e69dfdcc94a0aa650623f7423aa354004c1f2fa01d5c1268249020d4c21f447
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 07518EBAA5869181EB288B19D24023D3374EB64B68F2C5135ED5E577D4CF3BE843C740
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2242448247.00007FF65ECC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65ECC0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242428063.00007FF65ECC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242477133.00007FF65ECEB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242507825.00007FF65ECFE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242507825.00007FF65ED02000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242546307.00007FF65ED04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff65ecc0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
Memory Dump Source
• Source File: 00000000.00000002.2242448247.00007FF65ECC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65ECC0000, based on PE: true
• Associated: 00000000.00000002.2242428063.00007FF65ECC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2242477133.00007FF65ECEB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2242507825.00007FF65ECFE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2242507825.00007FF65ED02000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2242546307.00007FF65ED04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff65ecc0000_WVuXCNNYG0.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000000.00000002.2242448247.00007FF65ECC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65ECC0000, based on PE: true
• Associated: 00000000.00000002.2242428063.00007FF65ECC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2242477133.00007FF65ECEB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2242507825.00007FF65ECFE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2242507825.00007FF65ED02000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2242546307.00007FF65ED04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff65ecc0000_WVuXCNNYG0.jbxd
Similarity
• API ID: ErrorFreeHeapLast
• String ID:
• API String ID: 485612231-0
Memory Dump Source
• Source File: 00000000.00000002.2242448247.00007FF65ECC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65ECC0000, based on PE: true
• Associated: 00000000.00000002.2242428063.00007FF65ECC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2242477133.00007FF65ECEB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2242507825.00007FF65ECFE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2242507825.00007FF65ED02000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2242546307.00007FF65ED04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff65ecc0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: AddressErrorLastProc
                                                                                                                                                                                                  • String ID: Failed to get address for %hs$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_JoinThread$Tcl_MutexFinalize$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                                                                                  • API String ID: 199729137-3427451314
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                    • Part of subcall function 00007FF65ECC9400: MultiByteToWideChar.KERNEL32(?,?,?,00007FF65ECC45E4,00000000,00007FF65ECC1985), ref: 00007FF65ECC9439
                                                                                                                                                                                                  • ExpandEnvironmentStringsW.KERNEL32(?,00007FF65ECC88A7,?,?,00000000,00007FF65ECC3CBB), ref: 00007FF65ECC821C
                                                                                                                                                                                                    • Part of subcall function 00007FF65ECC2810: MessageBoxW.USER32 ref: 00007FF65ECC28EA
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                                                                                                                                                                  • String ID: %.*s$CreateDirectory$LOADER: failed to convert runtime-tmpdir to a wide string.$LOADER: failed to create runtime-tmpdir path %ls!$LOADER: failed to expand environment variables in the runtime-tmpdir.$LOADER: failed to obtain the absolute path of the runtime-tmpdir.$LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!$\
                                                                                                                                                                                                  • API String ID: 1662231829-930877121
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                                                                                                                                  • String ID: P%
                                                                                                                                                                                                  • API String ID: 2147705588-2959514604
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: LongWindow$BlockCreateErrorLastReasonShutdown
                                                                                                                                                                                                  • String ID: Needs to remove its temporary files.
                                                                                                                                                                                                  • API String ID: 3975851968-2863640275
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID: -$:$f$p$p
                                                                                                                                                                                                  • API String ID: 3215553584-2013873522
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2242448247.00007FF65ECC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65ECC0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242428063.00007FF65ECC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242477133.00007FF65ECEB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242507825.00007FF65ECFE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242507825.00007FF65ED02000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242546307.00007FF65ED04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff65ecc0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID: f$f$p$p$f
                                                                                                                                                                                                  • API String ID: 3215553584-1325933183
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CurrentProcess
                                                                                                                                                                                                  • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                  • API String ID: 2050909247-3659356012
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CurrentProcess
                                                                                                                                                                                                  • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                  • API String ID: 2050909247-3659356012
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                                  • String ID: csm$csm$csm
                                                                                                                                                                                                  • API String ID: 849930591-393685449
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF65ECC3706,?,00007FF65ECC3804), ref: 00007FF65ECC2C9E
                                                                                                                                                                                                  • FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF65ECC3706,?,00007FF65ECC3804), ref: 00007FF65ECC2D63
                                                                                                                                                                                                  • MessageBoxW.USER32 ref: 00007FF65ECC2D99
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Message$CurrentFormatProcess
                                                                                                                                                                                                  • String ID: %ls: $<FormatMessageW failed.>$Error$[PYI-%d:ERROR]
                                                                                                                                                                                                  • API String ID: 3940978338-251083826
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(?,?,?,00007FF65ECCDFEA,?,?,?,00007FF65ECCDCDC,?,?,?,00007FF65ECCD8D9), ref: 00007FF65ECCDDBD
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00007FF65ECCDFEA,?,?,?,00007FF65ECCDCDC,?,?,?,00007FF65ECCD8D9), ref: 00007FF65ECCDDCB
                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(?,?,?,00007FF65ECCDFEA,?,?,?,00007FF65ECCDCDC,?,?,?,00007FF65ECCD8D9), ref: 00007FF65ECCDDF5
                                                                                                                                                                                                  • FreeLibrary.KERNEL32(?,?,?,00007FF65ECCDFEA,?,?,?,00007FF65ECCDCDC,?,?,?,00007FF65ECCD8D9), ref: 00007FF65ECCDE63
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,?,?,00007FF65ECCDFEA,?,?,?,00007FF65ECCDCDC,?,?,?,00007FF65ECCD8D9), ref: 00007FF65ECCDE6F
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                  • String ID: api-ms-
                                                                                                                                                                                                  • API String ID: 2559590344-2084034818
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2242448247.00007FF65ECC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65ECC0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242428063.00007FF65ECC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242477133.00007FF65ECEB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242507825.00007FF65ECFE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242507825.00007FF65ED02000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242546307.00007FF65ED04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff65ecc0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CurrentProcess
                                                                                                                                                                                                  • String ID: Failed to load Python DLL '%ls'.$LoadLibrary$Path of Python shared library (%s) and its name (%s) exceed buffer size (%d)$Path of ucrtbase.dll (%s) and its name exceed buffer size (%d)$Reported length (%d) of Python shared library name (%s) exceeds buffer size (%d)$ucrtbase.dll
                                                                                                                                                                                                  • API String ID: 2050909247-2434346643
                                                                                                                                                                                                  • Opcode ID: c6b32316bfe7a0aff6899d53276924ef6fe1744c5bc58fcca4aca07baf8add6e
                                                                                                                                                                                                  • Instruction ID: 8f026dfc12cbfdd5340b0a9fd2febe72bbe8dd37e107d86862f27c3928603981
                                                                                                                                                                                                  • Opcode Fuzzy Hash: c6b32316bfe7a0aff6899d53276924ef6fe1744c5bc58fcca4aca07baf8add6e
                                                                                                                                                                                                  • Instruction Fuzzy Hash: BC418EB1B08A8791EE25DB20E6552E96331FB64784F880132FA7DE3695EF3CE605C340
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetCurrentProcessId.KERNEL32(00000000,?,?,?,00000000,00007FF65ECC351A,?,00000000,00007FF65ECC3F23), ref: 00007FF65ECC2AA0
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CurrentProcess
                                                                                                                                                                                                  • String ID: 0$WARNING$Warning$Warning [ANSI Fallback]$[PYI-%d:%s]
                                                                                                                                                                                                  • API String ID: 2050909247-2900015858
                                                                                                                                                                                                  • Opcode ID: 2c88a21be5af21f56a68c86fdca39687fee9058fd376c6caa55945c458c4d180
                                                                                                                                                                                                  • Instruction ID: af9f23ba3a9dec778028458fb3eeef860d1ae5a59dfa5a7a3d490833bb9fc844
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2c88a21be5af21f56a68c86fdca39687fee9058fd376c6caa55945c458c4d180
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 462183B2B18B8282EB219B51B5417EA63A4FB987C4F440132FEADA3659DF7CD149C740
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Value$ErrorLast
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2506987500-0
                                                                                                                                                                                                  • Opcode ID: a5225a2428ee1ea558fded41feed7619df648b57a5ff038aad9245715dd51944
                                                                                                                                                                                                  • Instruction ID: 295157c4f838a8785cbb037bea5a42242c8dd85e899228546f47c68ee0e635c0
                                                                                                                                                                                                  • Opcode Fuzzy Hash: a5225a2428ee1ea558fded41feed7619df648b57a5ff038aad9245715dd51944
                                                                                                                                                                                                  • Instruction Fuzzy Hash: DA2159A9E8C68646FF686362575123D61625F647B0F0C8734F93EE7AD6DE2EF4008301
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                                  • String ID: CONOUT$
                                                                                                                                                                                                  • API String ID: 3230265001-3130406586
                                                                                                                                                                                                  • Opcode ID: 5493e4d9a44aaf731d1a805f3958d18bb0ed212be4b6a830fa2bcaabe5bc997c
                                                                                                                                                                                                  • Instruction ID: c48fbd538513bca917d961f379145c1bd531ce4364c761a5f1ed357ac93a9605
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5493e4d9a44aaf731d1a805f3958d18bb0ed212be4b6a830fa2bcaabe5bc997c
                                                                                                                                                                                                  • Instruction Fuzzy Hash: DD118162A18E4286EB618B52E95533962B1FBA8BF4F080234FA7DD7794DF3CD8448740
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(?,?,?,00000000,00007FF65ECC9216), ref: 00007FF65ECC8592
                                                                                                                                                                                                  • K32EnumProcessModules.KERNEL32(?,?,00000000,00007FF65ECC9216), ref: 00007FF65ECC85E9
                                                                                                                                                                                                    • Part of subcall function 00007FF65ECC9400: MultiByteToWideChar.KERNEL32(?,?,?,00007FF65ECC45E4,00000000,00007FF65ECC1985), ref: 00007FF65ECC9439
                                                                                                                                                                                                  • K32GetModuleFileNameExW.KERNEL32(?,?,00000000,00007FF65ECC9216), ref: 00007FF65ECC8678
                                                                                                                                                                                                  • K32GetModuleFileNameExW.KERNEL32(?,?,00000000,00007FF65ECC9216), ref: 00007FF65ECC86E4
                                                                                                                                                                                                  • FreeLibrary.KERNEL32(?,?,00000000,00007FF65ECC9216), ref: 00007FF65ECC86F5
                                                                                                                                                                                                  • FreeLibrary.KERNEL32(?,?,00000000,00007FF65ECC9216), ref: 00007FF65ECC870A
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: FileFreeLibraryModuleNameProcess$ByteCharCurrentEnumModulesMultiWide
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3462794448-0
                                                                                                                                                                                                  • Opcode ID: b52d66e3f6483ee012b3a88bb9869cc1030523c4b2827b1d8d4a1b21ae680e9c
                                                                                                                                                                                                  • Instruction ID: 4609ecb01fa5bebbac0362574fabfe39f1484193968f04cfa82074a3dbe8c6e8
                                                                                                                                                                                                  • Opcode Fuzzy Hash: b52d66e3f6483ee012b3a88bb9869cc1030523c4b2827b1d8d4a1b21ae680e9c
                                                                                                                                                                                                  • Instruction Fuzzy Hash: BE41A5A2B1868241EE30DB11A6416AA63A4FB94BD4F480035FF7DE7B85EE3CE441C700
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00007FF65ECD4F81,?,?,?,?,00007FF65ECDA4FA,?,?,?,?,00007FF65ECD71FF), ref: 00007FF65ECDB347
                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF65ECD4F81,?,?,?,?,00007FF65ECDA4FA,?,?,?,?,00007FF65ECD71FF), ref: 00007FF65ECDB37D
                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF65ECD4F81,?,?,?,?,00007FF65ECDA4FA,?,?,?,?,00007FF65ECD71FF), ref: 00007FF65ECDB3AA
                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF65ECD4F81,?,?,?,?,00007FF65ECDA4FA,?,?,?,?,00007FF65ECD71FF), ref: 00007FF65ECDB3BB
                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF65ECD4F81,?,?,?,?,00007FF65ECDA4FA,?,?,?,?,00007FF65ECD71FF), ref: 00007FF65ECDB3CC
                                                                                                                                                                                                  • SetLastError.KERNEL32(?,?,?,00007FF65ECD4F81,?,?,?,?,00007FF65ECDA4FA,?,?,?,?,00007FF65ECD71FF), ref: 00007FF65ECDB3E7
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Value$ErrorLast
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2506987500-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF65ECC1B6A), ref: 00007FF65ECC295E
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2242448247.00007FF65ECC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65ECC0000, based on PE: true
• Associated: 00000000.00000002.2242428063.00007FF65ECC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2242477133.00007FF65ECEB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2242507825.00007FF65ECFE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2242507825.00007FF65ED02000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2242546307.00007FF65ED04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff65ecc0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CurrentProcess
                                                                                                                                                                                                  • String ID: %s: %s$Error$Error [ANSI Fallback]$[PYI-%d:ERROR]
                                                                                                                                                                                                  • API String ID: 2050909247-2962405886
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2242448247.00007FF65ECC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65ECC0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                                                                                                                                                                  • String ID: Unhandled exception in script
                                                                                                                                                                                                  • API String ID: 3081866767-2699770090
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetCurrentProcessId.KERNEL32(?,00000000,00000000,FFFFFFFF,00000000,00007FF65ECC918F,?,00007FF65ECC3C55), ref: 00007FF65ECC2BA0
                                                                                                                                                                                                  • MessageBoxW.USER32 ref: 00007FF65ECC2C2A
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2242448247.00007FF65ECC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65ECC0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CurrentMessageProcess
                                                                                                                                                                                                  • String ID: WARNING$Warning$[PYI-%d:%ls]
                                                                                                                                                                                                  • API String ID: 1672936522-3797743490
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetCurrentProcessId.KERNEL32(?,00000000,00000000,?,00000000,00007FF65ECC1B99), ref: 00007FF65ECC2760
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2242448247.00007FF65ECC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65ECC0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CurrentProcess
                                                                                                                                                                                                  • String ID: ERROR$Error$Error [ANSI Fallback]$[PYI-%d:%s]
                                                                                                                                                                                                  • API String ID: 2050909247-1591803126
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2242448247.00007FF65ECC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65ECC0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                  • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                  • API String ID: 4061214504-1276376045
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2242448247.00007FF65ECC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65ECC0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _set_statfp
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1156100317-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • FlsGetValue.KERNEL32(?,?,?,00007FF65ECDA613,?,?,00000000,00007FF65ECDA8AE,?,?,?,?,?,00007FF65ECDA83A), ref: 00007FF65ECDB41F
                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF65ECDA613,?,?,00000000,00007FF65ECDA8AE,?,?,?,?,?,00007FF65ECDA83A), ref: 00007FF65ECDB43E
                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF65ECDA613,?,?,00000000,00007FF65ECDA8AE,?,?,?,?,?,00007FF65ECDA83A), ref: 00007FF65ECDB466
                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF65ECDA613,?,?,00000000,00007FF65ECDA8AE,?,?,?,?,?,00007FF65ECDA83A), ref: 00007FF65ECDB477
                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF65ECDA613,?,?,00000000,00007FF65ECDA8AE,?,?,?,?,?,00007FF65ECDA83A), ref: 00007FF65ECDB488
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2242448247.00007FF65ECC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65ECC0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242428063.00007FF65ECC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242477133.00007FF65ECEB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242507825.00007FF65ECFE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242507825.00007FF65ED02000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.2242546307.00007FF65ED04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff65ecc0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Value
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3702945584-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Value
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3702945584-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID: verbose
                                                                                                                                                                                                  • API String ID: 3215553584-579935070
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                                                                  • API String ID: 3215553584-1196891531
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                                                                                  • String ID: csm
                                                                                                                                                                                                  • API String ID: 2395640692-1018135373
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CallEncodePointerTranslator
                                                                                                                                                                                                  • String ID: MOC$RCC
                                                                                                                                                                                                  • API String ID: 3544855599-2084237596
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                                                                                  • String ID: csm$csm
                                                                                                                                                                                                  • API String ID: 3896166516-3733052814
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Message
                                                                                                                                                                                                  • String ID: ERROR$Error$[PYI-%d:%ls]
                                                                                                                                                                                                  • API String ID: 2030045667-255084403
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2718003287-0
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: LongWindow$DialogInvalidateRect
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1956198572-0
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID: ?
                                                                                                                                                                                                  • API String ID: 1286766494-1684325040
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _invalid_parameter_noinfo.LIBCMT ref: 00007FF65ECD90B6
                                                                                                                                                                                                    • Part of subcall function 00007FF65ECDA9B8: RtlFreeHeap.NTDLL(?,?,?,00007FF65ECE2D92,?,?,?,00007FF65ECE2DCF,?,?,00000000,00007FF65ECE3295,?,?,?,00007FF65ECE31C7), ref: 00007FF65ECDA9CE
                                                                                                                                                                                                    • Part of subcall function 00007FF65ECDA9B8: GetLastError.KERNEL32(?,?,?,00007FF65ECE2D92,?,?,?,00007FF65ECE2DCF,?,?,00000000,00007FF65ECE3295,?,?,?,00007FF65ECE31C7), ref: 00007FF65ECDA9D8
                                                                                                                                                                                                  • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF65ECCCC15), ref: 00007FF65ECD90D4
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID: C:\Users\user\Desktop\WVuXCNNYG0.exe
                                                                                                                                                                                                  • API String ID: 3580290477-2792808409
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ErrorFileLastWrite
                                                                                                                                                                                                  • String ID: U
                                                                                                                                                                                                  • API String ID: 442123175-4171548499
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2242448247.00007FF65ECC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65ECC0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff65ecc0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CurrentDirectory
                                                                                                                                                                                                  • String ID: :
                                                                                                                                                                                                  • API String ID: 1611563598-336475711
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2242448247.00007FF65ECC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65ECC0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff65ecc0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                  • String ID: csm
                                                                                                                                                                                                  • API String ID: 2573137834-1018135373
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.2242448247.00007FF65ECC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65ECC0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff65ecc0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: DriveType_invalid_parameter_noinfo
                                                                                                                                                                                                  • String ID: :
                                                                                                                                                                                                  • API String ID: 2595371189-336475711
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2228059308.00007FF8A80A1000.00000020.00000001.01000000.00000031.sdmp, Offset: 00007FF8A80A0000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff8a80a0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 313767242-0
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2227747005.00007FF8A8071000.00000020.00000001.01000000.00000034.sdmp, Offset: 00007FF8A8070000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff8a8070000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 313767242-0
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2227954096.00007FF8A8091000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8A8090000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff8a8090000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 313767242-0
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2227248634.00007FF8A8031000.00000020.00000001.01000000.00000038.sdmp, Offset: 00007FF8A8030000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff8a8030000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 313767242-0
APIs
Memory Dump Source
• Source File: 00000002.00000002.2227049805.00007FF8A8021000.00000020.00000001.01000000.00000039.sdmp, Offset: 00007FF8A8020000, based on PE: true
• Associated: 00000002.00000002.2227004497.00007FF8A8020000.00000002.00000001.01000000.00000039.sdmp
• Associated: 00000002.00000002.2227073249.00007FF8A8024000.00000002.00000001.01000000.00000039.sdmp
• Associated: 00000002.00000002.2227153942.00007FF8A8025000.00000004.00000001.01000000.00000039.sdmp
• Associated: 00000002.00000002.2227184897.00007FF8A8026000.00000002.00000001.01000000.00000039.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff8a8020000_WVuXCNNYG0.jbxd
Similarity
• API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
• String ID:
• API String ID: 313767242-0
APIs
Memory Dump Source
• Source File: 00000002.00000002.2226564287.00007FF8A7FE1000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF8A7FE0000, based on PE: true
• Associated: 00000002.00000002.2226539913.00007FF8A7FE0000.00000002.00000001.01000000.0000003C.sdmp
• Associated: 00000002.00000002.2226589522.00007FF8A7FE3000.00000002.00000001.01000000.0000003C.sdmp
• Associated: 00000002.00000002.2226612083.00007FF8A7FE4000.00000004.00000001.01000000.0000003C.sdmp
• Associated: 00000002.00000002.2226638134.00007FF8A7FE5000.00000002.00000001.01000000.0000003C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff8a7fe0000_WVuXCNNYG0.jbxd
Similarity
• API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
• String ID:
• API String ID: 313767242-0
APIs
Memory Dump Source
• Source File: 00000002.00000002.2226694947.00007FF8A7FF1000.00000020.00000001.01000000.0000003B.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
• Associated: 00000002.00000002.2226669762.00007FF8A7FF0000.00000002.00000001.01000000.0000003B.sdmp
• Associated: 00000002.00000002.2226741406.00007FF8A7FF6000.00000002.00000001.01000000.0000003B.sdmp
• Associated: 00000002.00000002.2226771432.00007FF8A7FFB000.00000002.00000001.01000000.0000003B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff8a7ff0000_WVuXCNNYG0.jbxd
Similarity
• API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
• String ID:
• API String ID: 313767242-0
APIs
Memory Dump Source
• Source File: 00000002.00000002.2227831750.00007FF8A8081000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FF8A8080000, based on PE: true
• Associated: 00000002.00000002.2227811897.00007FF8A8080000.00000002.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.2227856131.00007FF8A8085000.00000002.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.2227886002.00007FF8A8086000.00000004.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.2227907274.00007FF8A8087000.00000002.00000001.01000000.00000033.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff8a8080000_WVuXCNNYG0.jbxd
Similarity
• API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
• String ID:
• API String ID: 313767242-0
APIs
Memory Dump Source
• Source File: 00000002.00000002.2226834848.00007FF8A8001000.00000020.00000001.01000000.0000003A.sdmp, Offset: 00007FF8A8000000, based on PE: true
• Associated: 00000002.00000002.2226798468.00007FF8A8000000.00000002.00000001.01000000.0000003A.sdmp
• Associated: 00000002.00000002.2226867528.00007FF8A8005000.00000002.00000001.01000000.0000003A.sdmp
• Associated: 00000002.00000002.2226904444.00007FF8A800F000.00000004.00000001.01000000.0000003A.sdmp
• Associated: 00000002.00000002.2226972370.00007FF8A8010000.00000002.00000001.01000000.0000003A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff8a8000000_WVuXCNNYG0.jbxd
Similarity
• API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
• String ID:
• API String ID: 313767242-0
APIs
Memory Dump Source
• Source File: 00000002.00000002.2227547186.00007FF8A8051000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF8A8050000, based on PE: true
• Associated: 00000002.00000002.2227522872.00007FF8A8050000.00000002.00000001.01000000.00000036.sdmp
• Associated: 00000002.00000002.2227569379.00007FF8A8052000.00000002.00000001.01000000.00000036.sdmp
• Associated: 00000002.00000002.2227590104.00007FF8A8054000.00000002.00000001.01000000.00000036.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff8a8050000_WVuXCNNYG0.jbxd
Similarity
• API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
• String ID:
• API String ID: 313767242-0
APIs
Memory Dump Source
• Source File: 00000002.00000002.2227447490.00007FF8A8041000.00000020.00000001.01000000.00000037.sdmp, Offset: 00007FF8A8040000, based on PE: true
• Associated: 00000002.00000002.2227350339.00007FF8A8040000.00000002.00000001.01000000.00000037.sdmp
• Associated: 00000002.00000002.2227478284.00007FF8A8043000.00000002.00000001.01000000.00000037.sdmp
• Associated: 00000002.00000002.2227500062.00007FF8A8045000.00000002.00000001.01000000.00000037.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff8a8040000_WVuXCNNYG0.jbxd
Similarity
• API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
• String ID:
• API String ID: 313767242-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2227633869.00007FF8A8061000.00000020.00000001.01000000.00000035.sdmp, Offset: 00007FF8A8060000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2228157968.00007FF8A80B1000.00000020.00000001.01000000.0000002A.sdmp, Offset: 00007FF8A80B0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2227831750.00007FF8A8081000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FF8A8080000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: memcpy$_wassert
                                                                                                                                                                                                  • String ID: D:\a\pycryptodome\pycryptodome\src\hash_SHA2_template.c$hs->curlen < BLOCK_SIZE
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2227954096.00007FF8A8091000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8A8090000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: memset$_wassert
                                                                                                                                                                                                  • String ID: hs->curlen < BLOCK_SIZE$src/SHA1.c
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2227049805.00007FF8A8021000.00000020.00000001.01000000.00000039.sdmp, Offset: 00007FF8A8020000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _wassert
                                                                                                                                                                                                  • String ID: OCB_ENCRYPT==direction || OCB_DECRYPT==direction$src/raw_ocb.c
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • write_raw_integer_data, xrefs: 00007FF8A80B47DE
                                                                                                                                                                                                  • implicit cast from 'char *' to a different pointer type: will be forbidden in the future (check that the types are as you expect; use an explicit ffi.cast() if they are correct), xrefs: 00007FF8A80B4626
                                                                                                                                                                                                  • convert_from_object: '%s', xrefs: 00007FF8A80B4A25
                                                                                                                                                                                                  • write_raw_complex_data, xrefs: 00007FF8A80B4A0C
                                                                                                                                                                                                  • cdata pointer, xrefs: 00007FF8A80B468E
                                                                                                                                                                                                  • pointer or array, xrefs: 00007FF8A80B46A5
                                                                                                                                                                                                  • implicit cast to 'char *' from a different pointer type: will be forbidden in the future (check that the types are as you expect; use an explicit ffi.cast() if they are correct), xrefs: 00007FF8A80B461F
                                                                                                                                                                                                  • pointer to same type, xrefs: 00007FF8A80B46BC
                                                                                                                                                                                                  • write_raw_integer_data: bad integer size, xrefs: 00007FF8A80B47D7
                                                                                                                                                                                                  • write_raw_complex_data: bad complex size, xrefs: 00007FF8A80B4A05
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2228157968.00007FF8A80B1000.00000020.00000001.01000000.0000002A.sdmp, Offset: 00007FF8A80B0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Err_Warn
                                                                                                                                                                                                  • String ID: cdata pointer$convert_from_object: '%s'$implicit cast from 'char *' to a different pointer type: will be forbidden in the future (check that the types are as you expect; use an explicit ffi.cast() if they are correct)$implicit cast to 'char *' from a different pointer type: will be forbidden in the future (check that the types are as you expect; use an explicit ffi.cast() if they are correct)$pointer or array$pointer to same type$write_raw_complex_data$write_raw_complex_data: bad complex size$write_raw_integer_data$write_raw_integer_data: bad integer size
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • ctype '%s' (size %zd) not supported as %s%s, xrefs: 00007FF8A80BAC05
                                                                                                                                                                                                  • return value, xrefs: 00007FF8A80BA920
                                                                                                                                                                                                  • argument, xrefs: 00007FF8A80BA927
                                                                                                                                                                                                  • ctype '%s' has incomplete type, xrefs: 00007FF8A80BA992
                                                                                                                                                                                                  • ctype '%s' not supported as %s by libffi. Unions are only supported as %s if the function is 'API mode' and non-variadic (i.e. declared inside ffibuilder.cdef()+ffibuilder.set_source() and not taking a final '...' argument), xrefs: 00007FF8A80BABCC
                                                                                                                                                                                                  • It is a struct with bit fields, which libffi does not support, xrefs: 00007FF8A80BAAA5
                                                                                                                                                                                                  • It is a struct with a zero-length array, which libffi does not support, xrefs: 00007FF8A80BAA9C
                                                                                                                                                                                                  • ctype '%s' has size 0, xrefs: 00007FF8A80BA999
                                                                                                                                                                                                  • (the support for complex types inside libffi is mostly missing at this point, so CFFI only supports complex types as arguments or return value in API-mode functions), xrefs: 00007FF8A80BABFA
                                                                                                                                                                                                  • It is a struct declared with "...;", but the C calling convention may depend on the missing fields; or, it contains anonymous struct/unions, xrefs: 00007FF8A80BA9FC
                                                                                                                                                                                                  • It is a 'packed' structure, with a different layout than expected by libffi, xrefs: 00007FF8A80BAA0E
                                                                                                                                                                                                  • ctype '%s' not supported as %s. %s. Such structs are only supported as %s if the function is 'API mode' and non-variadic (i.e. declared inside ffibuilder.cdef()+ffibuilder.set_source() and not taking a final '...' argument), xrefs: 00007FF8A80BAABC
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2228157968.00007FF8A80B1000.00000020.00000001.01000000.0000002A.sdmp, Offset: 00007FF8A80B0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228138548.00007FF8A80B0000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228192184.00007FF8A80CC000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228213869.00007FF8A80D9000.00000004.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228235754.00007FF8A80DF000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff8a80b0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: (the support for complex types inside libffi is mostly missing at this point, so CFFI only supports complex types as arguments or return value in API-mode functions)$It is a 'packed' structure, with a different layout than expected by libffi$It is a struct declared with "...;", but the C calling convention may depend on the missing fields; or, it contains anonymous struct/unions$It is a struct with a zero-length array, which libffi does not support$It is a struct with bit fields, which libffi does not support$argument$ctype '%s' (size %zd) not supported as %s%s$ctype '%s' has incomplete type$ctype '%s' has size 0$ctype '%s' not supported as %s by libffi. Unions are only supported as %s if the function is 'API mode' and non-variadic (i.e. declared inside ffibuilder.cdef()+ffibuilder.set_source() and not taking a final '...' argument)$ctype '%s' not supported as %s. %s. Such structs are only supported as %s if the function is 'API mode' and non-variadic (i.e. declared inside ffibuilder.cdef()+ffibuilder.set_source() and not taking a final '...' argument)$return value
                                                                                                                                                                                                  • API String ID: 0-3203576518
                                                                                                                                                                                                  • Opcode ID: 91a60309c1201fcbff79e3b7a875e322f5ef19b41dd8c5b9171f57c97773f230
                                                                                                                                                                                                  • Instruction ID: 83932f6dcb2ec9febc1f7dd0497a62e520ccb30971106f9f52e412bbc5bf6db2
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 91a60309c1201fcbff79e3b7a875e322f5ef19b41dd8c5b9171f57c97773f230
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 64918C62A0BB42A9FE508F15E54867923A4FB44BD8F454032DE4D937E0DF3CE4A5CB28
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2228157968.00007FF8A80B1000.00000020.00000001.01000000.0000002A.sdmp, Offset: 00007FF8A80B0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228138548.00007FF8A80B0000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228192184.00007FF8A80CC000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228213869.00007FF8A80D9000.00000004.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228235754.00007FF8A80DF000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff8a80b0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Err_$FormatObject_$DeallocOccurredTrackstrcmp
                                                                                                                                                                                                  • String ID: '%s %.200s' is opaque in the ffi.include(), but no longer in the ffi doing the include (workaround: don't use ffi.include() but duplicate the declarations of everything using %s %.200s)$'%s %.200s' should come from ffi.include() but was not found$FILE$struct$struct $struct _IO_FILE$union$union
                                                                                                                                                                                                  • API String ID: 1251701841-281863512
                                                                                                                                                                                                  • Opcode ID: 8e036e2844b051469bcf4b31112dec2c57e13b12b28c27cd0149affa9344cf3d
                                                                                                                                                                                                  • Instruction ID: 3c959fe23644381b48c689e2dbd2f071ac61c077301c2d8db095ce8fc619e2ff
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8e036e2844b051469bcf4b31112dec2c57e13b12b28c27cd0149affa9344cf3d
                                                                                                                                                                                                  • Instruction Fuzzy Hash: AE9117B2A06A42A6EF10CF25E84026837A4FB48BE4F454235DB6D477E4DF3CE465C768
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2228157968.00007FF8A80B1000.00000020.00000001.01000000.0000002A.sdmp, Offset: 00007FF8A80B0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228138548.00007FF8A80B0000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228192184.00007FF8A80CC000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228213869.00007FF8A80D9000.00000004.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228235754.00007FF8A80DF000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff8a80b0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Err_$FormatLong_OccurredSsize_t$String
                                                                                                                                                                                                  • String ID: cdata of type '%s' cannot be indexed$index too large (expected %zd <= %zd)$negative index$slice start > stop$slice start must be specified$slice stop must be specified$slice with step not supported
                                                                                                                                                                                                  • API String ID: 564475518-3973974439
                                                                                                                                                                                                  • Opcode ID: fc2cef9232994741ca4fe200dcfea594a668e3ee079a1f2ac3a9d476730cffc8
                                                                                                                                                                                                  • Instruction ID: 6866cb478e238ad3ac09b2accd413a94e87514bb0882119f48894b577d57ff8e
                                                                                                                                                                                                  • Opcode Fuzzy Hash: fc2cef9232994741ca4fe200dcfea594a668e3ee079a1f2ac3a9d476730cffc8
                                                                                                                                                                                                  • Instruction Fuzzy Hash: DE415971A0AE02A9FE149F95E8480782760FB88BD4F454631DB2D477E4DF3CE4B18728
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • builtins, xrefs: 00007FF8A80B25ED
                                                                                                                                                                                                  • _cffi_error_capture, xrefs: 00007FF8A80B25C2
                                                                                                                                                                                                  • __builtins__, xrefs: 00007FF8A80B260A
                                                                                                                                                                                                  • import sysclass FileLike: def write(self, x): try: of.write(x) except: pass self.buf += x def flush(self): passfl = FileLike()fl.buf = ''of = sys.stderrsys.stderr = fldef done(): sys.stderr = of return fl.buf, xrefs: 00007FF8A80B263D
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2228157968.00007FF8A80B1000.00000020.00000001.01000000.0000002A.sdmp, Offset: 00007FF8A80B0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228138548.00007FF8A80B0000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228192184.00007FF8A80CC000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228213869.00007FF8A80D9000.00000004.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228235754.00007FF8A80DF000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff8a80b0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Err_$DeallocImport_ModuleString$ClearDictDict_FlagsImportItemModule_OccurredRun_UnraisableWrite
                                                                                                                                                                                                  • String ID: __builtins__$_cffi_error_capture$builtins$import sysclass FileLike: def write(self, x): try: of.write(x) except: pass self.buf += x def flush(self): passfl = FileLike()fl.buf = ''of = sys.stderrsys.stderr = fldef done(): sys.stderr = of return fl.buf
                                                                                                                                                                                                  • API String ID: 2387839683-950058525
                                                                                                                                                                                                  • Opcode ID: 19fe21f271e7442d25d3103835c50ccb39658e7b69a728fbdb021a384b3e77a4
                                                                                                                                                                                                  • Instruction ID: 51f796816f9558b6a457a6d4eb59e5d227769ca6433bd4c0e5db60377b13345e
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 19fe21f271e7442d25d3103835c50ccb39658e7b69a728fbdb021a384b3e77a4
                                                                                                                                                                                                  • Instruction Fuzzy Hash: BB213A65A0BB02A9FE459F60E9182B823A0EF44BD1F060535CA0E437F0DF3CE5A5C728
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2228157968.00007FF8A80B1000.00000020.00000001.01000000.0000002A.sdmp, Offset: 00007FF8A80B0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228138548.00007FF8A80B0000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228192184.00007FF8A80CC000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228213869.00007FF8A80D9000.00000004.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228235754.00007FF8A80DF000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff8a80b0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Dict_Err_FormatItem$DeallocUnicode_
                                                                                                                                                                                                  • String ID: or $cdata object$ctype object$expected a %s%s%s%s%s, got '%.200s'$string$the type '%s%s' is a function type, not a pointer-to-function type$unexpected symbol
                                                                                                                                                                                                  • API String ID: 3047486896-3137146848
                                                                                                                                                                                                  • Opcode ID: e48489101ec95c841d86b78e47a6197ee3134ba41591d101bfc84f079dba80d9
                                                                                                                                                                                                  • Instruction ID: 82406400c5eab0af3902a40e0ce1a9d905079a7572589bd0f8dc95228e864bbc
                                                                                                                                                                                                  • Opcode Fuzzy Hash: e48489101ec95c841d86b78e47a6197ee3134ba41591d101bfc84f079dba80d9
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 40818CB6A0AB42A5EF508F15E4903B967A1FB84BD5F884031DB4D836D4DF3CE4A5C728
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2228157968.00007FF8A80B1000.00000020.00000001.01000000.0000002A.sdmp, Offset: 00007FF8A80B0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228138548.00007FF8A80B0000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228192184.00007FF8A80CC000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228213869.00007FF8A80D9000.00000004.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228235754.00007FF8A80DF000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff8a80b0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: LongLong_
                                                                                                                                                                                                  • String ID: int() not supported on cdata '%s'$read_raw_float_data$read_raw_float_data: bad float size$read_raw_signed_data$read_raw_signed_data: bad integer size
                                                                                                                                                                                                  • API String ID: 1954241474-3524632987
                                                                                                                                                                                                  • Opcode ID: d62b5bc8ff23949be585d8430b8588d3943835305f9611146c7a104307dac948
                                                                                                                                                                                                  • Instruction ID: 9d0061c5bc35d537143b07ad91d7e4f18500bd61ba5fc96e5931ea6dacf56b1f
                                                                                                                                                                                                  • Opcode Fuzzy Hash: d62b5bc8ff23949be585d8430b8588d3943835305f9611146c7a104307dac948
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 57515272E0AA02A5EE548F19E49513823A1FF99BD4F544071CA4E833E0DF3DE4A6CB24
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2228157968.00007FF8A80B1000.00000020.00000001.01000000.0000002A.sdmp, Offset: 00007FF8A80B0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228138548.00007FF8A80B0000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228192184.00007FF8A80CC000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228213869.00007FF8A80D9000.00000004.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228235754.00007FF8A80DF000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff8a80b0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Err_Slice_String$AdjustBytes_CheckFromIndex_IndicesNumber_OccurredSizeSsize_tUnpack
                                                                                                                                                                                                  • String ID: buffer doesn't support slicing with step != 1$buffer index out of range$buffer indices must be integers, not %.200s
                                                                                                                                                                                                  • API String ID: 3001075121-863229255
                                                                                                                                                                                                  • Opcode ID: c3bbac0e351e823eb68676c4cd5ce7afb934f6ef43e78c458449ebea6c2e5c67
                                                                                                                                                                                                  • Instruction ID: fd59ac1221196879294d8b7dd5863b47a2f700fff34923a87127fbf3da754e74
                                                                                                                                                                                                  • Opcode Fuzzy Hash: c3bbac0e351e823eb68676c4cd5ce7afb934f6ef43e78c458449ebea6c2e5c67
                                                                                                                                                                                                  • Instruction Fuzzy Hash: AD4193A6B0AA82A2EF01CF25F8441B96370FB99BD4F454132DB5D436A4DF3CE4A5C724
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2228157968.00007FF8A80B1000.00000020.00000001.01000000.0000002A.sdmp, Offset: 00007FF8A80B0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228138548.00007FF8A80B0000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228192184.00007FF8A80CC000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228213869.00007FF8A80D9000.00000004.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228235754.00007FF8A80DF000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff8a80b0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Callable_CheckDeallocSize$BuildBytes_Err_FormatFromStringValue_memset
                                                                                                                                                                                                  • String ID: OOOO$expected a callable object for 'onerror', not %.200s$expected a callable object, not %.200s$expected a function ctype, got '%s'
                                                                                                                                                                                                  • API String ID: 2491357067-2441438866
                                                                                                                                                                                                  • Opcode ID: 4020317c1fca9fb9c650a107a7e6a97b17715a6bbdeb8766cf46be8e5f530d4b
                                                                                                                                                                                                  • Instruction ID: fe4addff71a18d6e64eb1795482b3b8cfdc591836e2fab8875d84ffb184aaa3e
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4020317c1fca9fb9c650a107a7e6a97b17715a6bbdeb8766cf46be8e5f530d4b
                                                                                                                                                                                                  • Instruction Fuzzy Hash: BC415372A0AA46E6EF108F26E81416927A0FB49BD4F444035DF8D877E4DF3CE4A5CB14
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2228157968.00007FF8A80B1000.00000020.00000001.01000000.0000002A.sdmp, Offset: 00007FF8A80B0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228138548.00007FF8A80B0000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228192184.00007FF8A80CC000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228213869.00007FF8A80D9000.00000004.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228235754.00007FF8A80DF000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff8a80b0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Buffer_$Err_Release$String$BufferContiguousFormatObject_
                                                                                                                                                                                                  • String ID: contiguous buffer expected$expected a pointer or array ctype, got '%s'$right operand length must match slice length
                                                                                                                                                                                                  • API String ID: 917851491-2344006768
                                                                                                                                                                                                  • Opcode ID: c2aae864342acb74752e73ec3745920d1ba676c7a557cbc33d049a253a943c13
                                                                                                                                                                                                  • Instruction ID: 6390fb3db594023ca18e13fbfc2f9c4e5b7a4c78afb63107bd8cf50a17c3d085
                                                                                                                                                                                                  • Opcode Fuzzy Hash: c2aae864342acb74752e73ec3745920d1ba676c7a557cbc33d049a253a943c13
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1041B562B0AA82E6EF10CF15E85407923A0FF58BD4F544231DA9E436E4DF7CE965C728
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2228157968.00007FF8A80B1000.00000020.00000001.01000000.0000002A.sdmp, Offset: 00007FF8A80B0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228138548.00007FF8A80B0000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228192184.00007FF8A80CC000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228213869.00007FF8A80D9000.00000004.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228235754.00007FF8A80DF000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff8a80b0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Err_ErrorFormatLast$AddressArg_Object_ParseProcSizeTuple_
                                                                                                                                                                                                  • String ID: O!s:read_variable$error 0x%x$library '%s' has already been closed$variable '%s' not found in library '%s': %s
                                                                                                                                                                                                  • API String ID: 4169278214-767532634
                                                                                                                                                                                                  • Opcode ID: f1854dddd00d2dc07dbc5580063100e3c2a1b95eca19e54a93221191acd3c986
                                                                                                                                                                                                  • Instruction ID: 2fa3dd386d6b6af1ecba7bcb7fb5ceeef955f7698aa50a313b3d783ae37f254f
                                                                                                                                                                                                  • Opcode Fuzzy Hash: f1854dddd00d2dc07dbc5580063100e3c2a1b95eca19e54a93221191acd3c986
                                                                                                                                                                                                  • Instruction Fuzzy Hash: F8316FA5A1AA42A1EF008F25E44417A63A0FF84BC4F440532DE5D47BA8DF3CE469C768
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2228059308.00007FF8A80A1000.00000020.00000001.01000000.00000031.sdmp, Offset: 00007FF8A80A0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228038387.00007FF8A80A0000.00000002.00000001.01000000.00000031.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228079558.00007FF8A80A3000.00000002.00000001.01000000.00000031.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228110861.00007FF8A80A5000.00000002.00000001.01000000.00000031.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff8a80a0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 349153199-0
                                                                                                                                                                                                  • Opcode ID: 4f5290068470706af306daab517f58543be73385f34af613a25d9ec276a3a886
                                                                                                                                                                                                  • Instruction ID: 6a34437fd0b4aa3c5a68546fb87927146237edbf112e12a57276b793313e9815
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4f5290068470706af306daab517f58543be73385f34af613a25d9ec276a3a886
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7081AE25E0E6436AFF509B6594412B9E290FFA57C0F444035DA8E877D6EF3CE421C728
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2227747005.00007FF8A8071000.00000020.00000001.01000000.00000034.sdmp, Offset: 00007FF8A8070000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2227725900.00007FF8A8070000.00000002.00000001.01000000.00000034.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2227771085.00007FF8A8073000.00000002.00000001.01000000.00000034.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2227791496.00007FF8A8075000.00000002.00000001.01000000.00000034.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff8a8070000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 349153199-0
                                                                                                                                                                                                  • Opcode ID: 2e347b0b31fdc3b33f3650616a24c4580738b1cdf7c2697dd32cd46ce7f28e42
                                                                                                                                                                                                  • Instruction ID: e810b0a04949781a70b5d2f969a283e806620b912daaa9303911c3985dd0f425
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2e347b0b31fdc3b33f3650616a24c4580738b1cdf7c2697dd32cd46ce7f28e42
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 81816A21E1AE43AAFF50AB6594413B922A1FF757C0F444035DA8C977D6FF3CE4268628
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2227954096.00007FF8A8091000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8A8090000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2227930906.00007FF8A8090000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2227976816.00007FF8A8094000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2227996450.00007FF8A8095000.00000004.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228016822.00007FF8A8096000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff8a8090000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 349153199-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2227248634.00007FF8A8031000.00000020.00000001.01000000.00000038.sdmp, Offset: 00007FF8A8030000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2227215482.00007FF8A8030000.00000002.00000001.01000000.00000038.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2227285284.00007FF8A8033000.00000002.00000001.01000000.00000038.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2227319351.00007FF8A8035000.00000002.00000001.01000000.00000038.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff8a8030000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 349153199-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2227049805.00007FF8A8021000.00000020.00000001.01000000.00000039.sdmp, Offset: 00007FF8A8020000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2227004497.00007FF8A8020000.00000002.00000001.01000000.00000039.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2227073249.00007FF8A8024000.00000002.00000001.01000000.00000039.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2227153942.00007FF8A8025000.00000004.00000001.01000000.00000039.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2227184897.00007FF8A8026000.00000002.00000001.01000000.00000039.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff8a8020000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 349153199-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2226564287.00007FF8A7FE1000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF8A7FE0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2226539913.00007FF8A7FE0000.00000002.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2226589522.00007FF8A7FE3000.00000002.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2226612083.00007FF8A7FE4000.00000004.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2226638134.00007FF8A7FE5000.00000002.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff8a7fe0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 349153199-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2226694947.00007FF8A7FF1000.00000020.00000001.01000000.0000003B.sdmp, Offset: 00007FF8A7FF0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2226669762.00007FF8A7FF0000.00000002.00000001.01000000.0000003B.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2226741406.00007FF8A7FF6000.00000002.00000001.01000000.0000003B.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2226771432.00007FF8A7FFB000.00000002.00000001.01000000.0000003B.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff8a7ff0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 349153199-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2227831750.00007FF8A8081000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FF8A8080000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2227811897.00007FF8A8080000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2227856131.00007FF8A8085000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2227886002.00007FF8A8086000.00000004.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2227907274.00007FF8A8087000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff8a8080000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 349153199-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2226834848.00007FF8A8001000.00000020.00000001.01000000.0000003A.sdmp, Offset: 00007FF8A8000000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2226798468.00007FF8A8000000.00000002.00000001.01000000.0000003A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2226867528.00007FF8A8005000.00000002.00000001.01000000.0000003A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2226904444.00007FF8A800F000.00000004.00000001.01000000.0000003A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2226972370.00007FF8A8010000.00000002.00000001.01000000.0000003A.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff8a8000000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 349153199-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2227547186.00007FF8A8051000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF8A8050000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2227522872.00007FF8A8050000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2227569379.00007FF8A8052000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2227590104.00007FF8A8054000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff8a8050000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 349153199-0
                                                                                                                                                                                                  • Opcode ID: 24c3fed21fc67ae49763962a26a68a14fa9aac4efc55a0f38d91ad800b1c64bd
                                                                                                                                                                                                  • Instruction ID: 641ddf1f08e4a076d687c74f54fb5c0e7f794932fc390adb0ed5852e2c0b2634
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 24c3fed21fc67ae49763962a26a68a14fa9aac4efc55a0f38d91ad800b1c64bd
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3981AF20E0E2436AFF589B6694512B92290EF657C0F04F435DA8E877D6EF3CE465863C
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2227447490.00007FF8A8041000.00000020.00000001.01000000.00000037.sdmp, Offset: 00007FF8A8040000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2227350339.00007FF8A8040000.00000002.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2227478284.00007FF8A8043000.00000002.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2227500062.00007FF8A8045000.00000002.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff8a8040000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 349153199-0
                                                                                                                                                                                                  • Opcode ID: 2e347b0b31fdc3b33f3650616a24c4580738b1cdf7c2697dd32cd46ce7f28e42
                                                                                                                                                                                                  • Instruction ID: 48aad0762adc1dc5d0be92eefdb56b564c2d948519e503490db69ac319f9c6a7
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2e347b0b31fdc3b33f3650616a24c4580738b1cdf7c2697dd32cd46ce7f28e42
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7C819E21EDF6476AFF50AB6594412B92291FFA57C0F444035DA8E837E6DF3CE8318628
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2227633869.00007FF8A8061000.00000020.00000001.01000000.00000035.sdmp, Offset: 00007FF8A8060000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2227612669.00007FF8A8060000.00000002.00000001.01000000.00000035.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2227654069.00007FF8A8063000.00000002.00000001.01000000.00000035.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2227683663.00007FF8A8064000.00000004.00000001.01000000.00000035.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2227704732.00007FF8A8065000.00000002.00000001.01000000.00000035.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff8a8060000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 349153199-0
                                                                                                                                                                                                  • Opcode ID: 13216a91d280a0ad17bb93d9638d94c9aa7988d3a2199bea0cdda77358a17c13
                                                                                                                                                                                                  • Instruction ID: ad54622abb243360b687438ab0df36c430d5028d08f87e039860386a63b45ad9
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 13216a91d280a0ad17bb93d9638d94c9aa7988d3a2199bea0cdda77358a17c13
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5481AE20E0E683AAFF50DB65944127922A0FF657C0F044035E98D877D6EFFCE4658728
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • PyErr_SetString.PYTHON312(?,?,?,?,00000000,00000000,00007FF8A80B729B), ref: 00007FF8A80B95D1
                                                                                                                                                                                                  • _PyObject_GC_NewVar.PYTHON312(?,?,?,?,00000000,00000000,00007FF8A80B729B), ref: 00007FF8A80B9768
                                                                                                                                                                                                  • PyObject_GC_Track.PYTHON312(?,?,?,?,00000000,00000000,00007FF8A80B729B), ref: 00007FF8A80B97AA
                                                                                                                                                                                                  • memcpy.VCRUNTIME140(?,?,?,?,00000000,00000000,00007FF8A80B729B), ref: 00007FF8A80B97BA
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2228157968.00007FF8A80B1000.00000020.00000001.01000000.0000002A.sdmp, Offset: 00007FF8A80B0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228138548.00007FF8A80B0000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228192184.00007FF8A80CC000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228213869.00007FF8A80D9000.00000004.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228235754.00007FF8A80DF000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff8a80b0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Object_$Err_StringTrackmemcpy
                                                                                                                                                                                                  • String ID: double$float$long double$primitive type '%s' has size %d; the supported sizes are 1, 2, 4, 8
                                                                                                                                                                                                  • API String ID: 1250498430-2195461940
                                                                                                                                                                                                  • Opcode ID: b9b4bd686c0b7d980a607a1e1505f7a2736158eea20b8c1650ff5888c06c7e61
                                                                                                                                                                                                  • Instruction ID: 5805c7576a25a2864c4cc327985f03a50aebee95715f6ce3a21893b6cf67f1a6
                                                                                                                                                                                                  • Opcode Fuzzy Hash: b9b4bd686c0b7d980a607a1e1505f7a2736158eea20b8c1650ff5888c06c7e61
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3A81A162A4E782A9EF54CF25E45807827A0FF41BD4F440135DA4E176E8EF3CE562CB28
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2228157968.00007FF8A80B1000.00000020.00000001.01000000.0000002A.sdmp, Offset: 00007FF8A80B0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228138548.00007FF8A80B0000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228192184.00007FF8A80CC000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228213869.00007FF8A80D9000.00000004.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228235754.00007FF8A80DF000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff8a80b0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Err_$DeallocFormatInitObject_Stringmalloc
                                                                                                                                                                                                  • String ID: array size would overflow a Py_ssize_t$cannot instantiate ctype '%s' of unknown size$expected a pointer or array ctype, got '%s'
                                                                                                                                                                                                  • API String ID: 3721622924-1738891937
                                                                                                                                                                                                  • Opcode ID: 203bd65f97b3b91bf9145b79f1931da84dd3c818db7281400d4032b7af9e5268
                                                                                                                                                                                                  • Instruction ID: 053f5ca715fdfa8629d7e5f45f09ad930e1cbc33a69a7c762db36bb27a7eb04a
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 203bd65f97b3b91bf9145b79f1931da84dd3c818db7281400d4032b7af9e5268
                                                                                                                                                                                                  • Instruction Fuzzy Hash: B5715021A0A607AAEE288F16D5442782BA0FF44BD4F440035DE5D477E4DF3CF9A6CB68
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2226564287.00007FF8A7FE1000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF8A7FE0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2226539913.00007FF8A7FE0000.00000002.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2226589522.00007FF8A7FE3000.00000002.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2226612083.00007FF8A7FE4000.00000004.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2226638134.00007FF8A7FE5000.00000002.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff8a7fe0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _wassert$memcpy
                                                                                                                                                                                                  • String ID: ((Nk==4) && (Nr==10)) || ((Nk==6) && (Nr==12)) || ((Nk==8) && (Nr==14))$(idx>=1) && (idx<=10)$src/AESNI.c$src/AESNI.c
                                                                                                                                                                                                  • API String ID: 4292997394-722309440
                                                                                                                                                                                                  • Opcode ID: d39dd8ff127fcd6812d8991013f514968d842da6ae2888197d778fac17dca971
                                                                                                                                                                                                  • Instruction ID: ae80204b87df6b7f334689761d8a04b319135f7cb05a147d2f3c8e0850924285
                                                                                                                                                                                                  • Opcode Fuzzy Hash: d39dd8ff127fcd6812d8991013f514968d842da6ae2888197d778fac17dca971
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0061D072E09A86A5EA218F35E4042BD7361FF98B84F504236CB4D63645FF3CE685D744
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2228157968.00007FF8A80B1000.00000020.00000001.01000000.0000002A.sdmp, Offset: 00007FF8A80B0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228138548.00007FF8A80B0000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228192184.00007FF8A80CC000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228213869.00007FF8A80D9000.00000004.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228235754.00007FF8A80DF000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff8a80b0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Arg_ClearDict_Err_ErrorFormatFreeLastLibraryParseSizeTuple_Unicode___stdio_common_vsprintf
                                                                                                                                                                                                  • String ID: closing library '%s': %s$error 0x%x
                                                                                                                                                                                                  • API String ID: 3709125606-4000567706
                                                                                                                                                                                                  • Opcode ID: 11cee66fe837d19775e87c6625fade0d4b2f2581af4f54aab030b7b6574c378d
                                                                                                                                                                                                  • Instruction ID: 06de56135df59ce18723ef7ae19b2d5d34e3acc374375ac296482966ed9b5dae
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 11cee66fe837d19775e87c6625fade0d4b2f2581af4f54aab030b7b6574c378d
                                                                                                                                                                                                  • Instruction Fuzzy Hash: E1213961A1AA82A2EF44CF16E84006A6360FF88FC0F551032DB5D837A4DF3CE965C728
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2228157968.00007FF8A80B1000.00000020.00000001.01000000.0000002A.sdmp, Offset: 00007FF8A80B0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228138548.00007FF8A80B0000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228192184.00007FF8A80CC000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228213869.00007FF8A80D9000.00000004.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228235754.00007FF8A80DF000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff8a80b0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Err_$Occurred$DeallocFormatObject_Unicode_
                                                                                                                                                                                                  • String ID: 8-bit int$integer %s does not fit '%s'
                                                                                                                                                                                                  • API String ID: 4129581467-3624244522
                                                                                                                                                                                                  • Opcode ID: dc085fcf2b57c0e09125b0cb8cb07fc8f99a36aa64b17531676cd353cc19aeac
                                                                                                                                                                                                  • Instruction ID: 18b7b4d743f380cc29be6805491c1688e4ad484c48889ae73cc6ae1a3525f9c8
                                                                                                                                                                                                  • Opcode Fuzzy Hash: dc085fcf2b57c0e09125b0cb8cb07fc8f99a36aa64b17531676cd353cc19aeac
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 31118261F0BA02A5EE446FA5E8483782390EF44BD0F058031DA0E063D4DF3CE4A98728
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2228157968.00007FF8A80B1000.00000020.00000001.01000000.0000002A.sdmp, Offset: 00007FF8A80B0000, based on PE: true
                                                                                                                                                                                                   • Associated: 00000002.00000002.2228138548.00007FF8A80B0000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                   • Associated: 00000002.00000002.2228192184.00007FF8A80CC000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                   • Associated: 00000002.00000002.2228213869.00007FF8A80D9000.00000004.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                   • Associated: 00000002.00000002.2228235754.00007FF8A80DF000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff8a80b0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Err_Long$AttrDict_GenericItemLong_Object_OccurredString
                                                                                                                                                                                                  • String ID: cannot delete struct field$cdata '%s' has no attribute '%s'$cdata '%s' has no field '%s'$cdata '%s' points to an opaque type: cannot write fields
                                                                                                                                                                                                  • API String ID: 3507916589-3282381042
                                                                                                                                                                                                  • Opcode ID: 9b29c16fa045ca136bcacd05488022c57aab267b6520d96aa7ddc49fd6ce27a7
                                                                                                                                                                                                  • Instruction ID: 52d083f35ae600daff824938360859f49939c08c02044a93334595c946fd4680
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9b29c16fa045ca136bcacd05488022c57aab267b6520d96aa7ddc49fd6ce27a7
                                                                                                                                                                                                  • Instruction Fuzzy Hash: A7318F71A0AB82A5EE10AF15E4482792760FF46FD4F440131DE6D577D9CF3CE8628728
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2227954096.00007FF8A8091000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8A8090000, based on PE: true
                                                                                                                                                                                                   • Associated: 00000002.00000002.2227930906.00007FF8A8090000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                   • Associated: 00000002.00000002.2227976816.00007FF8A8094000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                   • Associated: 00000002.00000002.2227996450.00007FF8A8095000.00000004.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                   • Associated: 00000002.00000002.2228016822.00007FF8A8096000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff8a8090000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _wassert$memcpy
                                                                                                                                                                                                  • String ID: hs->curlen < BLOCK_SIZE$src/SHA1.c
                                                                                                                                                                                                  • API String ID: 4292997394-330188172
                                                                                                                                                                                                  • Opcode ID: 9aa7c3724df43c7763e1fe33636668700a5e685dea0693ead42e9f10e503c155
                                                                                                                                                                                                  • Instruction ID: 3e349e4a6d024158baf47b37d59f2f0d93c3f4c9e2ae2db9cc21e3dc2d3463f0
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9aa7c3724df43c7763e1fe33636668700a5e685dea0693ead42e9f10e503c155
                                                                                                                                                                                                  • Instruction Fuzzy Hash: F0919F22F19A859AFB11CB38D5043BD7361FBA8388F419221DF8C12A9ADF3CE595C710
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2228157968.00007FF8A80B1000.00000020.00000001.01000000.0000002A.sdmp, Offset: 00007FF8A80B0000, based on PE: true
                                                                                                                                                                                                   • Associated: 00000002.00000002.2228138548.00007FF8A80B0000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                   • Associated: 00000002.00000002.2228192184.00007FF8A80CC000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                   • Associated: 00000002.00000002.2228213869.00007FF8A80D9000.00000004.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                   • Associated: 00000002.00000002.2228235754.00007FF8A80DF000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff8a80b0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: DeallocObject_$ClearDict_FreeItemRefsTrackWeak
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2303943592-0
                                                                                                                                                                                                  • Opcode ID: 5281ba59460151379513deaece5fbc7f97450a4c9895c88d5ea50fc7f3853007
                                                                                                                                                                                                  • Instruction ID: 42035adb011580c6d220f88912ea4fd750c6f69c91881fce48447a1e8902ec9b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5281ba59460151379513deaece5fbc7f97450a4c9895c88d5ea50fc7f3853007
                                                                                                                                                                                                  • Instruction Fuzzy Hash: D221C97290BA02A9EF558F65D85C33833A0EB58F99F045131CA0D461D4CF3DA4A1CB28
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2228157968.00007FF8A80B1000.00000020.00000001.01000000.0000002A.sdmp, Offset: 00007FF8A80B0000, based on PE: true
                                                                                                                                                                                                   • Associated: 00000002.00000002.2228138548.00007FF8A80B0000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                   • Associated: 00000002.00000002.2228192184.00007FF8A80CC000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                   • Associated: 00000002.00000002.2228213869.00007FF8A80D9000.00000004.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                   • Associated: 00000002.00000002.2228235754.00007FF8A80DF000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff8a80b0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Err_$String$Arg_Number_OccurredParseSizeSsize_tTuple_
                                                                                                                                                                                                  • String ID: O!O:new_array_type$negative array length
                                                                                                                                                                                                  • API String ID: 3893677698-1806197627
                                                                                                                                                                                                  • Opcode ID: 667bbbe7a2185914b3b4b824aba0e42bf06a34faae8301afd8c22bcf33a742a6
                                                                                                                                                                                                  • Instruction ID: 8ab64290908370edfd2971a37d934d19be4ee3882a8f81d06e9d76f1c44281a1
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 667bbbe7a2185914b3b4b824aba0e42bf06a34faae8301afd8c22bcf33a742a6
                                                                                                                                                                                                  • Instruction Fuzzy Hash: CE0192A5B0BA42A0EE00DF59E84407963A1FF84BE4F844232DA5D433E4EF3CE068C724
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2226564287.00007FF8A7FE1000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF8A7FE0000, based on PE: true
                                                                                                                                                                                                   • Associated: 00000002.00000002.2226539913.00007FF8A7FE0000.00000002.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                   • Associated: 00000002.00000002.2226589522.00007FF8A7FE3000.00000002.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                   • Associated: 00000002.00000002.2226612083.00007FF8A7FE4000.00000004.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                   • Associated: 00000002.00000002.2226638134.00007FF8A7FE5000.00000002.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff8a7fe0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _aligned_free_aligned_malloc$callocfree
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2511558924-0
                                                                                                                                                                                                  • Opcode ID: 8fb2105fd7c39bf321232f7441f6f1b7ebcf620c9448f78960a77339e4ca462d
                                                                                                                                                                                                  • Instruction ID: 1e3fa02820efff172a577dc1061ba795ebf5dc6323c2dc2b356f6e6ae213427f
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8fb2105fd7c39bf321232f7441f6f1b7ebcf620c9448f78960a77339e4ca462d
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3A413B66A0AB42A6EA25CF62E45423C73A4FF48BD0F484531DE4D43794FF7CEA95A301
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • global variable '%.200s' should be %zd bytes according to the cdef, but is actually %zd, xrefs: 00007FF8A80C7968
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2228157968.00007FF8A80B1000.00000020.00000001.01000000.0000002A.sdmp, Offset: 00007FF8A80B0000, based on PE: true
                                                                                                                                                                                                   • Associated: 00000002.00000002.2228138548.00007FF8A80B0000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                   • Associated: 00000002.00000002.2228192184.00007FF8A80CC000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                   • Associated: 00000002.00000002.2228213869.00007FF8A80D9000.00000004.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                   • Associated: 00000002.00000002.2228235754.00007FF8A80DF000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff8a80b0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Dealloc$Err_Format$Dict_Item
                                                                                                                                                                                                  • String ID: global variable '%.200s' should be %zd bytes according to the cdef, but is actually %zd
                                                                                                                                                                                                  • API String ID: 3830123900-276371364
                                                                                                                                                                                                  • Opcode ID: bc69f846bbe908aa3b1f298b2c6cab019fc9750a59e2bab75fff88cb0835d384
                                                                                                                                                                                                  • Instruction ID: 9231b544a0cb77dcca86993a56a2f075c82746a44923e10bf8a2cd9323339b5d
                                                                                                                                                                                                  • Opcode Fuzzy Hash: bc69f846bbe908aa3b1f298b2c6cab019fc9750a59e2bab75fff88cb0835d384
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 96215EA2A0B64291FF519F5AD4406796BA1EF89BD4F084431CF0D477D5DF3CE5618328
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2227831750.00007FF8A8081000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FF8A8080000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2227811897.00007FF8A8080000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2227856131.00007FF8A8085000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2227886002.00007FF8A8086000.00000004.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2227907274.00007FF8A8087000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff8a8080000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _wassertmemcpy
                                                                                                                                                                                                  • String ID: @$D:\a\pycryptodome\pycryptodome\src\hash_SHA2_template.c$hs->curlen < BLOCK_SIZE
                                                                                                                                                                                                  • API String ID: 785382960-4190453202
                                                                                                                                                                                                  • Opcode ID: 9866ec4c9cf0936fe4a954d78d9ff4afd309cd52094dbb7c2e93bcceac7e3399
                                                                                                                                                                                                  • Instruction ID: a2180ccbcc3b0244493fe9e6ee1a5ec26ed2ef21a4c894b2b8befaefa5143a2a
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9866ec4c9cf0936fe4a954d78d9ff4afd309cd52094dbb7c2e93bcceac7e3399
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9F21BC33B0A611DBEF549F15E01026973A0FB65BD8F186031DE4A03B99CB3CD891CB18
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2228157968.00007FF8A80B1000.00000020.00000001.01000000.0000002A.sdmp, Offset: 00007FF8A80B0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228138548.00007FF8A80B0000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228192184.00007FF8A80CC000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228213869.00007FF8A80D9000.00000004.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228235754.00007FF8A80DF000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff8a80b0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Dealloc
                                                                                                                                                                                                  • String ID: an integer is required$integer conversion failed
                                                                                                                                                                                                  • API String ID: 3617616757-1846422268
                                                                                                                                                                                                  • Opcode ID: 7809733d7cd1f8e9f7524f195d2639f2e74a98a67b81af8ddee571cc842d2f0a
                                                                                                                                                                                                  • Instruction ID: d0b4942e6546fe64958b4b91bc8f36f119c8dd01c2e9b609b045a55e1b5fc899
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7809733d7cd1f8e9f7524f195d2639f2e74a98a67b81af8ddee571cc842d2f0a
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1E217422B0AB46A9EE558F15E94427863A0EF48BF4F195631DF2D073E4DF3CE4A48714
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2228157968.00007FF8A80B1000.00000020.00000001.01000000.0000002A.sdmp, Offset: 00007FF8A80B0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228138548.00007FF8A80B0000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228192184.00007FF8A80CC000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228213869.00007FF8A80D9000.00000004.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228235754.00007FF8A80DF000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff8a80b0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Arg_ParseSizeTuple_strcmp
                                                                                                                                                                                                  • String ID: FILE$s:new_struct_type$struct _IO_FILE
                                                                                                                                                                                                  • API String ID: 3757293142-674226114
                                                                                                                                                                                                  • Opcode ID: fd3a60de0ca84b9ee791de28b189f2f851fb8b2f8231fe578e3776eb59bb0570
                                                                                                                                                                                                  • Instruction ID: 38c47c1a84d21e63c18318916dcda5a2700229242c8b0b61b9840fdcae5058c4
                                                                                                                                                                                                  • Opcode Fuzzy Hash: fd3a60de0ca84b9ee791de28b189f2f851fb8b2f8231fe578e3776eb59bb0570
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1E01D8A1A0968296DF409F12E8402BA77A1FB857C0F8C5032D78E036C5DF3CD421CB24
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2228157968.00007FF8A80B1000.00000020.00000001.01000000.0000002A.sdmp, Offset: 00007FF8A80B0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228138548.00007FF8A80B0000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228192184.00007FF8A80CC000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228213869.00007FF8A80D9000.00000004.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228235754.00007FF8A80DF000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff8a80b0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Unicode_$DeallocFormatFromObject_Repr
                                                                                                                                                                                                  • String ID: <cdata '%s' %s %s>
                                                                                                                                                                                                  • API String ID: 3526755465-1199376545
                                                                                                                                                                                                  • Opcode ID: 92e8b411aa87ab1fc87cb18141ce1d7fd9f4644be2a94bc0e60e910f9e080c53
                                                                                                                                                                                                  • Instruction ID: bbbc5a5376c11ebcd562ee7f448868f4e3984b0d559ce0f0fb9aa4c390a36e71
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 92e8b411aa87ab1fc87cb18141ce1d7fd9f4644be2a94bc0e60e910f9e080c53
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7C014F71A0AA8192EE548F56F954129A3A0FF48FD4F485031EF4E43B99DF3CD4A18714
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2228157968.00007FF8A80B1000.00000020.00000001.01000000.0000002A.sdmp, Offset: 00007FF8A80B0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228138548.00007FF8A80B0000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228192184.00007FF8A80CC000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228213869.00007FF8A80D9000.00000004.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228235754.00007FF8A80DF000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff8a80b0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Arg_Err_ParseSizeStringTuple_
                                                                                                                                                                                                  • String ID: O!O!n:rawaddressof$expected a cdata struct/union/array/pointer object$expected a pointer ctype
                                                                                                                                                                                                  • API String ID: 4247878537-375230600
                                                                                                                                                                                                  • Opcode ID: ff3d13d3c1bd2ecf70dcc6f6de814df9574445e062849f9b6d2bb57c48f062f7
                                                                                                                                                                                                  • Instruction ID: d7c370e2d3a6ed7ea168b7d98502003adfac03c13f177997e07c087f71650576
                                                                                                                                                                                                  • Opcode Fuzzy Hash: ff3d13d3c1bd2ecf70dcc6f6de814df9574445e062849f9b6d2bb57c48f062f7
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7A113066A0AB86A2EE01CF24E4441A933B0FB84BD8F950232DB5D436E4DF3CD169CB14
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2228157968.00007FF8A80B1000.00000020.00000001.01000000.0000002A.sdmp, Offset: 00007FF8A80B0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228138548.00007FF8A80B0000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228192184.00007FF8A80CC000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228213869.00007FF8A80D9000.00000004.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228235754.00007FF8A80DF000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff8a80b0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Value$ErrorLast_errnomalloc
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2411484184-0
                                                                                                                                                                                                  • Opcode ID: e488a826f195c001651052e684a3a9f0d19f84a96cf89817c6b9f1d79835e855
                                                                                                                                                                                                  • Instruction ID: 6ac2d7e9345b424ed4d90f6f58334b1b6279ae0ea1b3edb7dbe210954285e227
                                                                                                                                                                                                  • Opcode Fuzzy Hash: e488a826f195c001651052e684a3a9f0d19f84a96cf89817c6b9f1d79835e855
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 01016D71E0A74196EF018F21E45412873A1FF88BC4F198238DB4D073A4EF3CE8A48B24
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • cannot subtract cdata '%s' and cdata '%s', xrefs: 00007FF8A80B6A7A
                                                                                                                                                                                                  • pointer subtraction: the distance between the two pointers is not a multiple of the item size, xrefs: 00007FF8A80B6A4C
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2228157968.00007FF8A80B1000.00000020.00000001.01000000.0000002A.sdmp, Offset: 00007FF8A80B0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228138548.00007FF8A80B0000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228192184.00007FF8A80CC000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228213869.00007FF8A80D9000.00000004.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228235754.00007FF8A80DF000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff8a80b0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Err_$FormatString
                                                                                                                                                                                                  • String ID: cannot subtract cdata '%s' and cdata '%s'$pointer subtraction: the distance between the two pointers is not a multiple of the item size
                                                                                                                                                                                                  • API String ID: 4212644371-3794040536
                                                                                                                                                                                                  • Opcode ID: 395e169c5739ba28758f6a1c21c95846833e8ea4a1d44cf29ab1dbb009c727f8
                                                                                                                                                                                                  • Instruction ID: 6fbab6f949a6bd55b14dc17d6cd566a78bacfc6d45582b73590cadb82223c9d2
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 395e169c5739ba28758f6a1c21c95846833e8ea4a1d44cf29ab1dbb009c727f8
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 27318F72F0BA46A5EEA09B45D4586742390FB44BC4F455936CA2C472E0DF7CE8F5CB28
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2227954096.00007FF8A8091000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FF8A8090000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2227930906.00007FF8A8090000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2227976816.00007FF8A8094000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2227996450.00007FF8A8095000.00000004.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228016822.00007FF8A8096000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff8a8090000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _wassertmemcpy
                                                                                                                                                                                                  • String ID: hs->curlen < BLOCK_SIZE$src/SHA1.c
                                                                                                                                                                                                  • API String ID: 785382960-330188172
                                                                                                                                                                                                  • Opcode ID: c0c0089d6db84a754a9f4dd4ff2d59823096eb03f0e69a83426b2c5603fec51d
                                                                                                                                                                                                  • Instruction ID: 84e60c057ae1ae7525bae05ed8a428d723aa6f2fa8ecbb33a60673cd0d9723e6
                                                                                                                                                                                                  • Opcode Fuzzy Hash: c0c0089d6db84a754a9f4dd4ff2d59823096eb03f0e69a83426b2c5603fec51d
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8621B222B0AA519AEF148F19E14037D7762EF84BC8F149035DA5D47BC9CF3CD8A18748
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • PyErr_Format.PYTHON312 ref: 00007FF8A80B3A11
                                                                                                                                                                                                    • Part of subcall function 00007FF8A80B11A0: __stdio_common_vsprintf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF8A80B11EB
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2228157968.00007FF8A80B1000.00000020.00000001.01000000.0000002A.sdmp, Offset: 00007FF8A80B0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228138548.00007FF8A80B0000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228192184.00007FF8A80CC000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228213869.00007FF8A80D9000.00000004.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228235754.00007FF8A80DF000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff8a80b0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Err_Format__stdio_common_vsprintf
                                                                                                                                                                                                  • String ID: initializer for ctype 'char16_t' must be a unicode string of length 1, not %.200s$larger-than-0xFFFF character$unicode string of length %zd
                                                                                                                                                                                                  • API String ID: 3682193652-3085492373
                                                                                                                                                                                                  • Opcode ID: b42d2b992fd0f15b7e2c26160689cf66ed3603904f2301dfe72343b861151498
                                                                                                                                                                                                  • Instruction ID: 5b148ee2d8477b9c1c71571fdfd9c8606033d4537f3c5a0226e056f98f79cf59
                                                                                                                                                                                                  • Opcode Fuzzy Hash: b42d2b992fd0f15b7e2c26160689cf66ed3603904f2301dfe72343b861151498
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 27318421A0FA42A9FE60CB14D45937863E0FF957C8FA54132D68D426E4DF3CE569CB28
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2228157968.00007FF8A80B1000.00000020.00000001.01000000.0000002A.sdmp, Offset: 00007FF8A80B0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228138548.00007FF8A80B0000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228192184.00007FF8A80CC000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228213869.00007FF8A80D9000.00000004.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228235754.00007FF8A80DF000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff8a80b0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Err_FromLong_SizeSsize_tStringTuple_
                                                                                                                                                                                                  • String ID: offsetof() expects at least 2 arguments
                                                                                                                                                                                                  • API String ID: 1664805531-4287892465
                                                                                                                                                                                                  • Opcode ID: f00b09bba9f38762a77f4bafc419a15b5121ad400c08834d8ddbbda3a053e21e
                                                                                                                                                                                                  • Instruction ID: b621e6f8d243f517a4c9434f1a1c5b0d51318d5f007a4802921faa6b4d57b911
                                                                                                                                                                                                  • Opcode Fuzzy Hash: f00b09bba9f38762a77f4bafc419a15b5121ad400c08834d8ddbbda3a053e21e
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 671190B2B1AA419AEF148F21E4401B923A0FB89BC5F081435EF5E43B85CF3CD4A18728
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2228157968.00007FF8A80B1000.00000020.00000001.01000000.0000002A.sdmp, Offset: 00007FF8A80B0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228138548.00007FF8A80B0000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228192184.00007FF8A80CC000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228213869.00007FF8A80D9000.00000004.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228235754.00007FF8A80DF000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff8a80b0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Err_$Arg_FormatKeywords_OccurredParseSizeTuple
                                                                                                                                                                                                  • String ID: integer constant '%.200s' not found
                                                                                                                                                                                                  • API String ID: 2363003521-2598228679
                                                                                                                                                                                                  • Opcode ID: 672c97ed1388c1b5454143079bf92689344c8bb2180d1a9fbbd5984362136aff
                                                                                                                                                                                                  • Instruction ID: 8023280ceadfc6cfb117e6ff7812b2a1a9a7c01e2ad053004aeecb3dbed2ebd5
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 672c97ed1388c1b5454143079bf92689344c8bb2180d1a9fbbd5984362136aff
                                                                                                                                                                                                  • Instruction Fuzzy Hash: BE014FA5B1BA46A1EE508F61E410175A3A0EF98BD0F445035DE5D477E0EF3CE1A98728
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2228157968.00007FF8A80B1000.00000020.00000001.01000000.0000002A.sdmp, Offset: 00007FF8A80B0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228138548.00007FF8A80B0000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228192184.00007FF8A80CC000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228213869.00007FF8A80D9000.00000004.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228235754.00007FF8A80DF000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff8a80b0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Size$Arg_BuildErr_ParseStringTuple_Value_
                                                                                                                                                                                                  • String ID: (On)$O!O|i:typeoffsetof
                                                                                                                                                                                                  • API String ID: 1294453720-945657874
                                                                                                                                                                                                  • Opcode ID: a9e96af6e96d563c977228fa90480bf78f758e699be6a10abd642ecc536274d7
                                                                                                                                                                                                  • Instruction ID: ca8aab865fb3a6d26379f0b20d8b34ba6d6dd7ff7a5a377475fe2618dd74da36
                                                                                                                                                                                                  • Opcode Fuzzy Hash: a9e96af6e96d563c977228fa90480bf78f758e699be6a10abd642ecc536274d7
                                                                                                                                                                                                  • Instruction Fuzzy Hash: A30162B561AB46E1DE00CF51E8440AA7760FF857C4F841136EA8E43BA4DF3CE119CB54
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2228157968.00007FF8A80B1000.00000020.00000001.01000000.0000002A.sdmp, Offset: 00007FF8A80B0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228138548.00007FF8A80B0000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228192184.00007FF8A80CC000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228213869.00007FF8A80D9000.00000004.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228235754.00007FF8A80DF000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff8a80b0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Item$ClearDeallocDict_Err_SubtypeTuple_Type_Unicode_
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2830349452-0
                                                                                                                                                                                                  • Opcode ID: 7247e3d3d3da37e9cbc845cff0bd3705929a9b1aa68531a92463a3f350e90a1c
                                                                                                                                                                                                  • Instruction ID: dcfa8958641fe72ad99b73bc7c37069037ca4f093cd2b1cb8ddc963fc431ce0c
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7247e3d3d3da37e9cbc845cff0bd3705929a9b1aa68531a92463a3f350e90a1c
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 81312DB6A0AB0292EE688F16D15523963E1FB89BD1F084034CB4D877D4DF7CE4B18764
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2228157968.00007FF8A80B1000.00000020.00000001.01000000.0000002A.sdmp, Offset: 00007FF8A80B0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228138548.00007FF8A80B0000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228192184.00007FF8A80CC000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228213869.00007FF8A80D9000.00000004.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  • Associated: 00000002.00000002.2228235754.00007FF8A80DF000.00000002.00000001.01000000.0000002A.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff8a80b0000_WVuXCNNYG0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2933794660-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2226564287.00007FF8A7FE1000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF8A7FE0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _wassert
                                                                                                                                                                                                  • String ID: (idx>=1) && (idx<=10)$src/AESNI.c
                                                                                                                                                                                                  • API String ID: 3234217646-2495715787
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _wassert.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,?,?,00007FF8A8061E02), ref: 00007FF8A8061EF4
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2227633869.00007FF8A8061000.00000020.00000001.01000000.00000035.sdmp, Offset: 00007FF8A8060000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _wassert
                                                                                                                                                                                                  • String ID: (void*)in != (void*)out$src/scrypt.c
                                                                                                                                                                                                  • API String ID: 3234217646-1092544927
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2228157968.00007FF8A80B1000.00000020.00000001.01000000.0000002A.sdmp, Offset: 00007FF8A80B0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Err_FormatObject_
                                                                                                                                                                                                  • String ID: cdata '%s' does not support iteration
                                                                                                                                                                                                  • API String ID: 2473357163-1739368148
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2228157968.00007FF8A80B1000.00000020.00000001.01000000.0000002A.sdmp, Offset: 00007FF8A80B0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Err_ItemStringTuple_
                                                                                                                                                                                                  • String ID: result
                                                                                                                                                                                                  • API String ID: 2162364271-325763347
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000002.00000002.2228157968.00007FF8A80B1000.00000020.00000001.01000000.0000002A.sdmp, Offset: 00007FF8A80B0000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Arg_Err_NoneParseSizeTuple_
                                                                                                                                                                                                  • String ID: i:_testfunc
                                                                                                                                                                                                  • API String ID: 3294110026-2179347680