Windows Analysis Report
lz4wnSavmK.exe

Overview

General Information

Sample name: lz4wnSavmK.exe
renamed because original name is a hash value
Original sample name: 751a7a40b57d187a0b51d92c550e1309.exe
Analysis ID: 1570262
MD5: 751a7a40b57d187a0b51d92c550e1309
SHA1: 70e2bea90cf8571b803d18cfaf3bbe671f4de515
SHA256: fdbefb2cfbcddbae6f870be9c5bf65266f8775e61422b24bbab0bf36555139ff
Tags: exe, user-abuse_ch
Infos:

Detection

Python Stealer
Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected Generic Python Stealer
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file does not import any functions
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • lz4wnSavmK.exe (PID: 7252 cmdline: "C:\Users\user\Desktop\lz4wnSavmK.exe" MD5: 751A7A40B57D187A0B51D92C550E1309)
    • lz4wnSavmK.exe (PID: 7300 cmdline: "C:\Users\user\Desktop\lz4wnSavmK.exe" MD5: 751A7A40B57D187A0B51D92C550E1309)
  • cleanup
No configs have been found
Yara detections:
  Source: Process Memory Space: lz4wnSavmK.exe PID: 7300
  Rule: JoeSecurity_GenericPythonStealer
  Description: Yara detected Generic Python Stealer
  Author: Joe Security
    No Sigma rule has matched
    No Suricata rule has matched

    AV Detection

    Source: lz4wnSavmK.exe, ReversingLabs: Detection: 42%
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI72522\setuptools\_vendor\wheel-0.43.0.dist-info\LICENSE.txt
    Source: lz4wnSavmK.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe, Code function: 0_2_00007FF77C6392F0 FindFirstFileExW,FindClose,0_2_00007FF77C6392F0
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe, Code function: 0_2_00007FF77C6383B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00007FF77C6383B0
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe, Code function: 0_2_00007FF77C6518E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF77C6518E4
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe, Code function: 1_2_00007FF77C6392F0 FindFirstFileExW,FindClose,1_2_00007FF77C6392F0
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe, Code function: 1_2_00007FF77C6518E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,1_2_00007FF77C6518E4
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe, Code function: 1_2_00007FF77C6383B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,1_2_00007FF77C6383B0
    Source: unknown, TCP traffic detected without corresponding DNS query: 163.5.242.208
    Source: global traffic, HTTP traffic detected:
        GET /qweqwe_token.txt HTTP/1.1
        Host: 163.5.242.208
        User-Agent: python-requests/2.32.3
        Accept-Encoding: gzip, deflate
        Accept: */*
        Connection: keep-alive
    Source: global traffic, HTTP traffic detected:
        GET /5626872516_chatid.txt HTTP/1.1
        Host: 163.5.242.208
        User-Agent: python-requests/2.32.3
        Accept-Encoding: gzip, deflate
        Accept: */*
        Connection: keep-alive
    Source: lz4wnSavmK.exe, 00000001.00000002.1781213245.0000023D1EBF0000.00000004.00001000.00020000.00000000.sdmp, String found in binary or memory: - https://www.facebook.com/groups/ equals www.facebook.com (Facebook)
    Source: lz4wnSavmK.exe, 00000001.00000002.1781213245.0000023D1EBF0000.00000004.00001000.00020000.00000000.sdmp, String found in binary or memory: d- https://www.facebook.com/groups/ equals www.facebook.com (Facebook)
    Source: lz4wnSavmK.exe, 00000001.00000002.1781339387.0000023D1EE10000.00000004.00001000.00020000.00000000.sdmp, String found in binary or memory: http://.../back.jpeg
    Source: lz4wnSavmK.exe, 00000001.00000002.1784295979.0000023D20080000.00000004.00001000.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1781084199.0000023D1E9F0000.00000004.00001000.00020000.00000000.sdmp, String found in binary or memory: http://163.5.242.208/5626872516_chatid.txt
    Source: lz4wnSavmK.exe, 00000001.00000002.1781084199.0000023D1E9F0000.00000004.00001000.00020000.00000000.sdmp, String found in binary or memory: http://163.5.242.208/5626872516_chatid.txtsl-modulesd
    Source: lz4wnSavmK.exe, 00000001.00000002.1785350801.0000023D20210000.00000004.00001000.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1781084199.0000023D1E9F0000.00000004.00001000.00020000.00000000.sdmp, String found in binary or memory: http://163.5.242.208/qweqwe_token.txt
lz4wnSavmK.exe, 00000000.00000003.1687080282.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1686830794.000001A0783B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
    Source: lz4wnSavmK.exe, 00000000.00000003.1686654453.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1696189104.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1687151876.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1686386630.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1685856503.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1694240825.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1692936777.000001A0783BD000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1686968995.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1685496067.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1684723181.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1686573636.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1704860498.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1686724846.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1692936777.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1684626741.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1687080282.000001A0783C3000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1704156864.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1686499755.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1685655997.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, 
lz4wnSavmK.exe, 00000000.00000003.1695168851.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1687080282.000001A0783B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
    Source: lz4wnSavmK.exe, 00000001.00000003.1717792025.0000023D1E32C000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1716706926.0000023D1E32C000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1780504019.0000023D1E502000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1780351948.0000023D1E327000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1720252703.0000023D1E327000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1722484250.0000023D1E327000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1721648911.0000023D1E502000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1719678017.0000023D1E52F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://code.activestate.com/recipes/577452-a-memoize-decorator-for-instance-methods/
    Source: lz4wnSavmK.exe, 00000001.00000003.1715669459.0000023D1E404000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1779999453.0000023D1DE80000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1715669459.0000023D1E3B5000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1717190054.0000023D1E40E000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1723480325.0000023D1DEAA000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1722821384.0000023D1DE8B000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1717592828.0000023D1DEB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://code.activestate.com/recipes/577916/
    Source: lz4wnSavmK.exe, 00000001.00000002.1780504019.0000023D1E56F000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1781474952.0000023D1F0F0000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1779999453.0000023D1DE80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.certigna.fr/certignarootca.crl01
    Source: lz4wnSavmK.exe, 00000001.00000002.1779810317.0000023D1DC40000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1780862294.0000023D1E66E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
    Source: lz4wnSavmK.exe, 00000001.00000002.1780504019.0000023D1E4A2000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1780351948.0000023D1E2B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl
    Source: lz4wnSavmK.exe, 00000001.00000002.1780351948.0000023D1E2B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crlZ
    Source: lz4wnSavmK.exe, 00000001.00000002.1780504019.0000023D1E56F000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1781474952.0000023D1F0F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl
    Source: lz4wnSavmK.exe, 00000001.00000002.1779999453.0000023D1DE80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl0
    Source: lz4wnSavmK.exe, 00000001.00000002.1781474952.0000023D1F0F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.dhimyotis.com/certignarootca.crlK
    Source: lz4wnSavmK.exe, 00000001.00000002.1780862294.0000023D1E66E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/SGCA.crl
    Source: lz4wnSavmK.exe, 00000001.00000002.1780504019.0000023D1E56F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/SGCA.crl0
    Source: lz4wnSavmK.exe, 00000001.00000002.1780862294.0000023D1E66E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crl
    Source: lz4wnSavmK.exe, 00000001.00000002.1780504019.0000023D1E56F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crl0
    Source: lz4wnSavmK.exe, 00000001.00000002.1780862294.0000023D1E66E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl
    Source: lz4wnSavmK.exe, 00000001.00000002.1780862294.0000023D1E66E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
    Source: lz4wnSavmK.exe, 00000000.00000003.1686654453.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1696189104.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1692936777.000001A0783C3000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1687151876.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1686386630.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1685856503.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1694240825.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1692936777.000001A0783BD000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1686968995.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1685496067.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1684723181.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1686573636.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1704860498.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1686724846.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1692936777.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1684626741.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1687080282.000001A0783C3000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1704156864.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1686499755.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, 
lz4wnSavmK.exe, 00000000.00000003.1685655997.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1695168851.000001A0783B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
    Source: lz4wnSavmK.exe, 00000000.00000003.1686654453.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1696189104.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1692936777.000001A0783C3000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1687151876.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1686386630.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1685856503.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1694240825.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1692936777.000001A0783BD000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1686968995.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1685496067.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1684723181.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1686573636.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1704860498.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1686724846.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1692936777.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1684626741.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1704156864.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1686499755.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1685655997.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, 
lz4wnSavmK.exe, 00000000.00000003.1695168851.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1687080282.000001A0783B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
    Source: lz4wnSavmK.exe, 00000000.00000003.1686654453.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1696189104.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1687151876.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1686386630.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1685856503.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1694240825.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1692936777.000001A0783BD000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1686968995.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1685496067.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1684723181.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1686573636.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1704860498.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1686724846.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1692936777.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1684626741.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1704156864.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1686499755.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1685655997.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1695168851.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, 
lz4wnSavmK.exe, 00000000.00000003.1687080282.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1686830794.000001A0783B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
    Source: _hashlib.pyd.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
    Source: lz4wnSavmK.exe, 00000000.00000003.1686654453.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1696189104.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1692936777.000001A0783C3000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1687151876.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1686386630.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1685856503.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1694240825.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1692936777.000001A0783BD000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1686968995.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1685496067.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1684723181.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1686573636.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1704860498.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1686724846.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1692936777.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1684626741.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1704156864.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1686499755.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1685655997.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, 
lz4wnSavmK.exe, 00000000.00000003.1695168851.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1687080282.000001A0783B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
    Source: lz4wnSavmK.exe, 00000001.00000002.1780504019.0000023D1E56F000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1780504019.0000023D1E502000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/eax/eax-spec.pdf
    Source: lz4wnSavmK.exe, 00000001.00000002.1781660325.0000023D1F1FB000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1780351948.0000023D1E2B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C.pdf
    Source: lz4wnSavmK.exe, 00000001.00000002.1781474952.0000023D1F0F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf
    Source: lz4wnSavmK.exe, 00000001.00000002.1781660325.0000023D1F331000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1783100518.0000023D1F870000.00000004.00001000.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1781660325.0000023D1F1FB000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1779999453.0000023D1DE80000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1780504019.0000023D1E502000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1781474952.0000023D1F070000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1783388416.0000023D1FA00000.00000004.00001000.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1783857686.0000023D1FE80000.00000004.00001000.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1781339387.0000023D1EE10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
    Source: lz4wnSavmK.exe, 00000001.00000002.1781339387.0000023D1EE10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://curl.haxx.se/rfc/cookie_spec.html
    Source: lz4wnSavmK.exe, 00000001.00000002.1781277030.0000023D1ECF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://docs.python.org/3/library/subprocess#subprocess.Popen.kill
    Source: lz4wnSavmK.exe, 00000001.00000002.1781213245.0000023D1EBF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://docs.python.org/3/library/subprocess#subprocess.Popen.returncode
    Source: lz4wnSavmK.exe, 00000001.00000002.1781213245.0000023D1EBF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://docs.python.org/3/library/subprocess#subprocess.Popen.terminate
    Source: lz4wnSavmK.exe, 00000001.00000003.1717572102.0000023D1DF45000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1718708610.0000023D1DF45000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1780951794.0000023D1E7D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://docs.python.org/library/itertools.html#recipes
    Source: lz4wnSavmK.exe, 00000001.00000003.1717256810.0000023D1DF5C000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1780951794.0000023D1E7D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://foo/bar.tar.gz
    Source: lz4wnSavmK.exe, 00000001.00000003.1717256810.0000023D1DF5C000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1780951794.0000023D1E7D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://foo/bar.tgz
    Source: lz4wnSavmK.exe, 00000001.00000002.1783388416.0000023D1FA00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://goo.gl/zeJZl.
    Source: lz4wnSavmK.exe, 00000001.00000002.1780351948.0000023D1E2B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/
    Source: lz4wnSavmK.exe, 00000001.00000003.1722653466.0000023D1E5E3000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1780504019.0000023D1E5E3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/mail/
    Source: lz4wnSavmK.exe, 00000001.00000002.1780351948.0000023D1E2B0000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1780862294.0000023D1E66E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535
    Source: lz4wnSavmK.exe, 00000001.00000002.1781660325.0000023D1F1C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://httpbin.org/post
    Source: lz4wnSavmK.exe, 00000001.00000002.1781213245.0000023D1EBF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ip-api.com/json
    Source: lz4wnSavmK.exe, 00000001.00000002.1783388416.0000023D1FA00000.00000004.00001000.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1781660325.0000023D1F303000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://mail.python.org/pipermail/python-dev/2012-June/120787.html.
    Source: lz4wnSavmK.exe, 00000001.00000002.1781474952.0000023D1F0F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.es
    Source: lz4wnSavmK.exe, 00000001.00000002.1781474952.0000023D1F0F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.es0
    Source: lz4wnSavmK.exe, 00000000.00000003.1686654453.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1696189104.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1692936777.000001A0783C3000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1687151876.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1686386630.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1685856503.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1694240825.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1692936777.000001A0783BD000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1686968995.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1685496067.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1684723181.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1686573636.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1704860498.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1686724846.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1692936777.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1684626741.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1704156864.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1686499755.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1685655997.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, 
lz4wnSavmK.exe, 00000000.00000003.1695168851.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1687080282.000001A0783B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
    Source: lz4wnSavmK.exe, 00000000.00000003.1686654453.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1696189104.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1687151876.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1686386630.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1685856503.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1694240825.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1692936777.000001A0783BD000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1686968995.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1685496067.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1684723181.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1686573636.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1704860498.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1686724846.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1692936777.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1684626741.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1687080282.000001A0783C3000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1704156864.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1686499755.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1685655997.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, 
lz4wnSavmK.exe, 00000000.00000003.1695168851.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1687080282.000001A0783B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
    Source: lz4wnSavmK.exe, 00000000.00000003.1686654453.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1696189104.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1692936777.000001A0783C3000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1687151876.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1686386630.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1685856503.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1694240825.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1692936777.000001A0783BD000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1686968995.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1685496067.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1684723181.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1686573636.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1704860498.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1686724846.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1692936777.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1684626741.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1687080282.000001A0783C3000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1704156864.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1686499755.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, 
    Source: lz4wnSavmK.exe, 00000001.00000003.1707217368.0000023D1DC46000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1707155735.0000023D1DC4E000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1779614953.0000023D1D96C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
    Source: lz4wnSavmK.exe, 00000001.00000002.1779502514.0000023D1C05F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
    Source: lz4wnSavmK.exe, 00000001.00000002.1779810317.0000023D1DC40000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1708416694.0000023D1C05F000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1707217368.0000023D1DC46000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1707155735.0000023D1DC4E000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1708780612.0000023D1C05F000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1710995990.0000023D1C05F000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1709094694.0000023D1C05F000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1779502514.0000023D1C05F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
    Source: lz4wnSavmK.exe, 00000001.00000003.1714144801.0000023D1DFB2000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1718708610.0000023D1DFB2000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1711640674.0000023D1DEBB000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1722821384.0000023D1DF3D000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1779999453.0000023D1DE80000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1717256810.0000023D1DFB2000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1713760386.0000023D1DFB2000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1715779434.0000023D1DFB2000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1712146990.0000023D1E310000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1711302743.0000023D1E310000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1713115040.0000023D1DFB2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/issues/86361.
    Source: lz4wnSavmK.exe, 00000001.00000002.1783100518.0000023D1F870000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/pull/118960
    Source: lz4wnSavmK.exe, 00000001.00000002.1779999453.0000023D1DE80000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1783388416.0000023D1FA00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/pull/28073
    Source: METADATA.0.drString found in binary or memory: https://github.com/python/importlib_metadata
    Source: lz4wnSavmK.exe, 00000000.00000003.1698413661.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/python/importlib_metadata/actions/workflows/main.yml/badge.svg
    Source: lz4wnSavmK.exe, 00000000.00000003.1698413661.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/python/importlib_metadata/actions?query=workflow%3A%22tests%22
    Source: lz4wnSavmK.exe, 00000000.00000003.1698413661.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/python/importlib_metadata/issues
    Source: METADATA0.0.drString found in binary or memory: https://github.com/sponsors/hynek
    Source: lz4wnSavmK.exe, 00000000.00000003.1687743014.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://github.com/sponsors/hynek).
    Source: lz4wnSavmK.exe, 00000001.00000002.1779810317.0000023D1DC40000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1708416694.0000023D1C05F000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1707217368.0000023D1DC46000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1707155735.0000023D1DC4E000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1708780612.0000023D1C05F000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1710995990.0000023D1C05F000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1709094694.0000023D1C05F000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1779502514.0000023D1C05F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
    Source: lz4wnSavmK.exe, 00000001.00000002.1781213245.0000023D1EBF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2192#issuecomment-821832963
    Source: lz4wnSavmK.exe, 00000001.00000003.1721648911.0000023D1E5F9000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1780504019.0000023D1E502000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1721648911.0000023D1E502000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.
    Source: lz4wnSavmK.exe, 00000001.00000002.1781277030.0000023D1ECF0000.00000004.00001000.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1723458510.0000023D1E685000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2920
    Source: lz4wnSavmK.exe, 00000001.00000002.1781339387.0000023D1EE10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/3290
    Source: lz4wnSavmK.exe, 00000001.00000002.1780504019.0000023D1E56F000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1779810317.0000023D1DC68000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1780351948.0000023D1E2B0000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1780862294.0000023D1E66E000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1722653466.0000023D1E572000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1723458510.0000023D1E685000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1722484250.0000023D1E2F8000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1721648911.0000023D1E502000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/
    Source: lz4wnSavmK.exe, 00000001.00000002.1780504019.0000023D1E56F000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1780351948.0000023D1E2B0000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1722653466.0000023D1E572000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1722484250.0000023D1E2F8000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1721648911.0000023D1E502000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/mail
    Source: lz4wnSavmK.exe, 00000001.00000003.1721648911.0000023D1E4A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/mail/
    Source: lz4wnSavmK.exe, 00000001.00000002.1781213245.0000023D1EBF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://gql.twitch.tv/gql
    Source: lz4wnSavmK.exe, 00000001.00000003.1721648911.0000023D1E5F9000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1780504019.0000023D1E5F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/
    Source: lz4wnSavmK.exe, 00000001.00000003.1723458510.0000023D1E685000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/
    Source: lz4wnSavmK.exe, 00000001.00000002.1781339387.0000023D1EE10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/get
    Source: lz4wnSavmK.exe, 00000001.00000002.1780862294.0000023D1E66E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/post
    Source: lz4wnSavmK.exe, 00000000.00000003.1687743014.000001A0783C4000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1687743014.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://hynek.me/articles/import-attrs/)
    Source: lz4wnSavmK.exe, 00000001.00000002.1781149147.0000023D1EAF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://i.instagram.com/api/v1/accounts/current_user/?edit=true
    Source: lz4wnSavmK.exe, 00000001.00000002.1781213245.0000023D1EBF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://i.instagram.com/api/v1/users/
    Source: lz4wnSavmK.exe, 00000000.00000003.1698413661.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://img.shields.io/badge/skeleton-2024-informational
    Source: lz4wnSavmK.exe, 00000000.00000003.1698413661.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/charliermarsh/ruff/main/assets
    Source: lz4wnSavmK.exe, 00000000.00000003.1698413661.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://img.shields.io/pypi/pyversions/importlib_metadata.svg
    Source: lz4wnSavmK.exe, 00000000.00000003.1689106912.000001A0783B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://img.shields.io/pypi/v/cryptography.svg
    Source: lz4wnSavmK.exe, 00000000.00000003.1698413661.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://img.shields.io/pypi/v/importlib_metadata.svg
    Source: METADATA.0.drString found in binary or memory: https://importlib-metadata.readthedocs.io/
    Source: lz4wnSavmK.exe, 00000000.00000003.1698413661.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://importlib-metadata.readthedocs.io/en/latest/?badge=latest
    Source: lz4wnSavmK.exe, 00000001.00000002.1780889027.0000023D1E6B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://importlib-resources.readthedocs.io/en/latest/using.html#migrating-from-legacy
    Source: lz4wnSavmK.exe, 00000001.00000002.1781213245.0000023D1EBF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://instagram.com
    Source: lz4wnSavmK.exe, 00000001.00000002.1781213245.0000023D1EBF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://instagram.com/
    Source: lz4wnSavmK.exe, 00000001.00000002.1781213245.0000023D1EBF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://inventory.roblox.com/v1/users/
    Source: lz4wnSavmK.exe, 00000001.00000002.1781213245.0000023D1EBF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/json
    Source: lz4wnSavmK.exe, 00000001.00000003.1721648911.0000023D1E502000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://json.org
    Source: lz4wnSavmK.exe, 00000000.00000003.1687743014.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://klaviyo.com/
    Source: lz4wnSavmK.exe, 00000001.00000002.1781213245.0000023D1EBF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://krakenfiles.com/api/v1/file/upload
    Source: lz4wnSavmK.exe, 00000001.00000002.1781213245.0000023D1EBF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://leagueoflegends.com
    Source: lz4wnSavmK.exe, 00000001.00000003.1717792025.0000023D1E2BA000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1780351948.0000023D1E2B0000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1717230741.0000023D1E3D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mahler:8092/site-updates.py
    Source: lz4wnSavmK.exe, 00000000.00000003.1689106912.000001A0783B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mail.python.org/mailman/listinfo/cryptography-dev
    Source: lz4wnSavmK.exe, 00000001.00000002.1782074997.0000023D1F3FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST
    Source: lz4wnSavmK.exe, 00000001.00000002.1779999453.0000023D1DE80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-108r1.pdf
    Source: lz4wnSavmK.exe, 00000001.00000002.1781213245.0000023D1EBF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://oauth.reddit.com/api/v1/me
    Source: lz4wnSavmK.exe, 00000001.00000002.1781149147.0000023D1EAF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/en/latest/guides/packaging-namespace-packages/.
    Source: lz4wnSavmK.exe, 00000001.00000002.1781213245.0000023D1EBF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/en/latest/specifications/core-metadata/
    Source: lz4wnSavmK.exe, 00000001.00000002.1781149147.0000023D1EAF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/en/latest/specifications/entry-points/
    Source: lz4wnSavmK.exe, 00000001.00000002.1781149147.0000023D1EAF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/en/latest/specifications/entry-points/All
    Source: lz4wnSavmK.exe, 00000001.00000002.1779999453.0000023D1DE80000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1723480325.0000023D1DEAA000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1722821384.0000023D1DE8B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/en/latest/specifications/pyproject-toml/#declaring-project-metadata-the
    Source: lz4wnSavmK.exe, 00000001.00000002.1781149147.0000023D1EAF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/specifications/entry-points/
    Source: lz4wnSavmK.exe, 00000001.00000002.1781213245.0000023D1EBF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://paypal.com
    Source: lz4wnSavmK.exe, 00000001.00000002.1780284238.0000023D1E180000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0205/
    Source: lz4wnSavmK.exe, 00000001.00000002.1788703663.00007FFDFB684000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: https://peps.python.org/pep-0263/
    Source: lz4wnSavmK.exe, 00000000.00000003.1687743014.000001A0783C4000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1687956062.000001A0783C5000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1687743014.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://peps.python.org/pep-0649/)
    Source: lz4wnSavmK.exe, 00000001.00000002.1781213245.0000023D1EBF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0685/
    Source: lz4wnSavmK.exe, 00000000.00000003.1687743014.000001A0783C4000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1687956062.000001A0783C5000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1687743014.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://peps.python.org/pep-0749/)-implementing
    Source: lz4wnSavmK.exe, 00000001.00000002.1781213245.0000023D1EBF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://playstation.com
    Source: lz4wnSavmK.exe, 00000000.00000003.1687743014.000001A0783C4000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1687956062.000001A0783C5000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1687743014.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://pypi.org/project/attrs/)
    Source: lz4wnSavmK.exe, 00000001.00000002.1781149147.0000023D1EAF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pypi.org/project/build/).
    Source: lz4wnSavmK.exe, 00000000.00000003.1689106912.000001A0783B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pypi.org/project/cryptography/
    Source: lz4wnSavmK.exe, 00000000.00000003.1698413661.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://pypi.org/project/importlib_metadata
    Source: lz4wnSavmK.exe, 00000000.00000003.1700587052.000001A0783B9000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://pypi.org/project/setuptools/
    Source: lz4wnSavmK.exe, 00000000.00000003.1687743014.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://raw.githubusercontent.com/python-attrs/attrs/main/docs/_static/attrs_logo.svg
    Source: lz4wnSavmK.exe, 00000000.00000003.1689106912.000001A0783B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://readthedocs.org/projects/cryptography/badge/?version=latest
    Source: lz4wnSavmK.exe, 00000000.00000003.1698413661.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://readthedocs.org/projects/importlib-metadata/badge/?version=latest
    Source: lz4wnSavmK.exe, 00000001.00000002.1781213245.0000023D1EBF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://reddit.com
    Source: lz4wnSavmK.exe, 00000001.00000002.1780951794.0000023D1E7D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://refspecs.linuxfoundation.org/elf/gabi4
    Source: lz4wnSavmK.exe, 00000001.00000002.1781407808.0000023D1EF60000.00000004.00001000.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1780862294.0000023D1E66E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://requests.readthedocs.io
    Source: lz4wnSavmK.exe, 00000001.00000002.1781407808.0000023D1EF60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://requests.readthedocs.ioe
    Source: lz4wnSavmK.exe, 00000001.00000002.1781213245.0000023D1EBF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://riotgames.com
    Source: lz4wnSavmK.exe, 00000001.00000002.1781213245.0000023D1EBF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://s.optifine.net/capes/
    Source: lz4wnSavmK.exe, 00000001.00000002.1781149147.0000023D1EAF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/
    Source: lz4wnSavmK.exe, 00000001.00000003.1711866250.0000023D1DEE1000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1711640674.0000023D1DEBB000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1710105519.0000023D1E052000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1713115040.0000023D1DED7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/pkg_resources.html
    Source: lz4wnSavmK.exe, 00000001.00000003.1714144801.0000023D1DFB2000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1711360568.0000023D1DFE8000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1718708610.0000023D1DFB2000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1722821384.0000023D1DF3D000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1710105519.0000023D1E052000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1779999453.0000023D1DE80000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1717256810.0000023D1DFB2000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1713760386.0000023D1DFB2000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1710196493.0000023D1DF1A000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1715779434.0000023D1DFB2000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1710158772.0000023D1DFEC000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1710792075.0000023D1DFE8000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1711360568.0000023D1DFB9000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1713115040.0000023D1DFB2000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1710792075.0000023D1DFB5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/pkg_resources.html#basic-resource-access
    Source: lz4wnSavmK.exe, 00000001.00000002.1780216940.0000023D1E080000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packages
    Source: lz4wnSavmK.exe, 00000001.00000003.1710105519.0000023D1E052000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1710105519.0000023D1DFFD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packagesr:
    Source: lz4wnSavmK.exe, 00000001.00000003.1710105519.0000023D1E052000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1710105519.0000023D1DFFD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packagesr:r;Nr
    Source: lz4wnSavmK.exe, 00000001.00000002.1781213245.0000023D1EBF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://skype.com
    Source: lz4wnSavmK.exe, 00000001.00000002.1781213245.0000023D1EBF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://spotify.com
    Source: lz4wnSavmK.exe, 00000001.00000002.1783857686.0000023D1FE80000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/questions/4457745#4457745.
    Source: lz4wnSavmK.exe, 00000000.00000003.1687743014.000001A0783C4000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1687956062.000001A0783C5000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1687743014.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://stackoverflow.com/questions/tagged/python-attrs)
    Source: lz4wnSavmK.exe, 00000001.00000002.1781213245.0000023D1EBF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com
    Source: lz4wnSavmK.exe, 00000001.00000002.1781213245.0000023D1EBF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://t.me/blxstealer
    Source: lz4wnSavmK.exe, 00000000.00000003.1687743014.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://tidelift.com/?utm_source=lifter&utm_medium=referral&utm_campaign=hynek
    Source: lz4wnSavmK.exe, 00000000.00000003.1687743014.000001A0783C4000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1687956062.000001A0783C5000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1687743014.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://tidelift.com/?utm_source=lifter&utm_medium=referral&utm_campaign=hynek).
    Source: lz4wnSavmK.exe, 00000000.00000003.1698413661.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://tidelift.com/badges/package/pypi/importlib-metadata
    Source: lz4wnSavmK.exe, 00000000.00000003.1687743014.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://tidelift.com/subscription/pkg/pypi-attrs?utm_source=pypi-attrs&utm_medium=pypi
    Source: METADATA.0.drString found in binary or memory: https://tidelift.com/subscription/pkg/pypi-importlib-metadata?utm_source=pypi-importlib-metadata&utm
    Source: lz4wnSavmK.exe, 00000001.00000002.1781213245.0000023D1EBF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tiktok.com
    Source: lz4wnSavmK.exe, 00000001.00000002.1780504019.0000023D1E502000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1721648911.0000023D1E502000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc2388#section-4.4
    Source: lz4wnSavmK.exe, 00000001.00000002.1781660325.0000023D1F1FB000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1780351948.0000023D1E2B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc3610
    Source: lz4wnSavmK.exe, 00000001.00000002.1782074997.0000023D1F3FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc5297
    Source: lz4wnSavmK.exe, 00000001.00000003.1722821384.0000023D1DF3D000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1779999453.0000023D1DE80000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1718708610.0000023D1DF3D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7231#section-4.3.6)
    Source: lz4wnSavmK.exe, 00000001.00000002.1781213245.0000023D1EBF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://twitch.tv
    Source: lz4wnSavmK.exe, 00000001.00000002.1781213245.0000023D1EBF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://twitter.com
    Source: lz4wnSavmK.exe, 00000001.00000002.1781213245.0000023D1EBF0000.00000004.00001000.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1779810317.0000023D1DC68000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1780862294.0000023D1E66E000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1723458510.0000023D1E685000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/
    Source: lz4wnSavmK.exe, 00000001.00000002.1781213245.0000023D1EBF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/home
    Source: lz4wnSavmK.exe, 00000001.00000002.1781149147.0000023D1EAF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/i/api/1.1/account/update_profile.json
    Source: lz4wnSavmK.exe, 00000001.00000002.1781149147.0000023D1EAF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/i/api/1.1/account/update_profile.jsonc
    Source: lz4wnSavmK.exe, 00000001.00000002.1781213245.0000023D1EBF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://uguu.se/api.php?d=upload
    Source: lz4wnSavmK.exe, 00000001.00000003.1722653466.0000023D1E572000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1721648911.0000023D1E502000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://uguu.se/api.php?d=uploadr
    Source: lz4wnSavmK.exe, 00000001.00000002.1781339387.0000023D1EE10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxy
    Source: lz4wnSavmK.exe, 00000001.00000002.1781277030.0000023D1ECF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings
    Source: lz4wnSavmK.exe, 00000001.00000002.1781213245.0000023D1EBF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://users.roblox.com/v1/users/
    Source: lz4wnSavmK.exe, 00000001.00000002.1781213245.0000023D1EBF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://webcast.tiktok.com/webcast/wallet_api/diamond_buy/permission/?aid=1988
    Source: METADATA2.0.drString found in binary or memory: https://wheel.readthedocs.io/
    Source: lz4wnSavmK.exe, 00000000.00000003.1700587052.000001A0783B9000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://wheel.readthedocs.io/en/stable/news.html
    Source: lz4wnSavmK.exe, 00000001.00000003.1715669459.0000023D1E404000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1715669459.0000023D1E3B5000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1780351948.0000023D1E2B0000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1717190054.0000023D1E40E000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1720252703.0000023D1E300000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1722484250.0000023D1E2F8000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1717792025.0000023D1E300000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www-cs-faculty.stanford.edu/~knuth/fasc2a.ps.gz
    Source: lz4wnSavmK.exe, 00000000.00000003.1689479571.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, LICENSE.APACHE.0.drString found in binary or memory: https://www.apache.org/licenses/
    Source: lz4wnSavmK.exe, 00000000.00000003.1689479571.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1689479571.000001A0783C4000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1689554134.000001A0783C5000.00000004.00000020.00020000.00000000.sdmp, LICENSE.APACHE.0.drString found in binary or memory: https://www.apache.org/licenses/LICENSE-2.0
    Source: METADATA0.0.drString found in binary or memory: https://www.attrs.org/
    Source: lz4wnSavmK.exe, 00000000.00000003.1687743014.000001A0783C4000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1687956062.000001A0783C5000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1687743014.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://www.attrs.org/)
    Source: lz4wnSavmK.exe, 00000000.00000003.1687743014.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://www.attrs.org/en/24.2.0/_static/sponsors/
    Source: lz4wnSavmK.exe, 00000000.00000003.1687743014.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://www.attrs.org/en/24.2.0/_static/sponsors/FilePreviews.svg
    Source: lz4wnSavmK.exe, 00000000.00000003.1687743014.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://www.attrs.org/en/24.2.0/_static/sponsors/Klaviyo.svg
    Source: lz4wnSavmK.exe, 00000000.00000003.1687743014.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://www.attrs.org/en/24.2.0/_static/sponsors/Tidelift.svg
    Source: lz4wnSavmK.exe, 00000000.00000003.1687743014.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://www.attrs.org/en/24.2.0/_static/sponsors/Variomedia.svg
    Source: lz4wnSavmK.exe, 00000000.00000003.1687743014.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://www.attrs.org/en/latest/glossary.html#term-dunder-methods)).
    Source: lz4wnSavmK.exe, 00000000.00000003.1687743014.000001A0783C4000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1687743014.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://www.attrs.org/en/latest/names.html)
    Source: lz4wnSavmK.exe, 00000000.00000003.1687743014.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://www.attrs.org/en/stable/changelog.html
    Source: METADATA0.0.drString found in binary or memory: https://www.attrs.org/en/stable/changelog.html)
    Source: lz4wnSavmK.exe, 00000000.00000003.1687743014.000001A0783C4000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1687743014.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://www.attrs.org/en/stable/comparison.html#customization)
    Source: lz4wnSavmK.exe, 00000000.00000003.1687743014.000001A0783C4000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1687743014.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://www.attrs.org/en/stable/init.html#hooking-yourself-into-initialization)
    Source: lz4wnSavmK.exe, 00000000.00000003.1687743014.000001A0783C4000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1687743014.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://www.attrs.org/en/stable/why.html#data-classes)
    Source: lz4wnSavmK.exe, 00000001.00000002.1779734852.0000023D1DB40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/scl/fi/3clo0b3x6nfajqm27kvx6/exodus.asar?rlkey=200tiyus0rc0u3u4j9kf517l0&st=
    Source: lz4wnSavmK.exe, 00000001.00000002.1779734852.0000023D1DB40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/scl/fi/xtt2n593d5n4svefktjhy/atomic.asar?rlkey=5refutaevle4aapp0p6hgn7q1&st=
    Source: lz4wnSavmK.exe, 00000001.00000002.1781213245.0000023D1EBF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.guilded.gg/api/me
    Source: lz4wnSavmK.exe, 00000001.00000002.1781660325.0000023D1F1FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ietf.org/rfc/rfc2898.txt
    Source: lz4wnSavmK.exe, 00000000.00000003.1694240825.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1791713879.00007FFE01470000.00000002.00000001.01000000.00000013.sdmp, lz4wnSavmK.exe, 00000001.00000002.1788326331.00007FFDFB263000.00000002.00000001.01000000.0000000C.sdmpString found in binary or memory: https://www.openssl.org/H
    Source: lz4wnSavmK.exe, 00000001.00000002.1781149147.0000023D1EAF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.patreon.com/api/current_user?include=connected_socials%2Ccampaign.connected_socials&json
    Source: lz4wnSavmK.exe, 00000001.00000002.1780862294.0000023D1E66E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org
    Source: lz4wnSavmK.exe, 00000001.00000003.1717792025.0000023D1E2BA000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1780351948.0000023D1E2B0000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1717230741.0000023D1E3D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/
    Source: lz4wnSavmK.exe, 00000000.00000003.1700587052.000001A0783B9000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://www.python.org/dev/peps/pep-0427/
    Source: lz4wnSavmK.exe, 00000001.00000002.1779614953.0000023D1D8F0000.00000004.00001000.00020000.00000000.sdmp, base_library.zip.0.drString found in binary or memory: https://www.python.org/download/releases/2.3/mro/.
    Source: lz4wnSavmK.exe, 00000001.00000002.1781213245.0000023D1EBF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/ftp/python/3.12.6/python-3.12.6-amd64.exe
    Source: lz4wnSavmK.exe, 00000001.00000002.1789161726.00007FFDFB7F4000.00000008.00000001.01000000.00000004.sdmpString found in binary or memory: https://www.python.org/psf/license/
    Source: lz4wnSavmK.exe, 00000001.00000002.1788703663.00007FFDFB684000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: https://www.python.org/psf/license/)
    Source: lz4wnSavmK.exe, 00000001.00000002.1781213245.0000023D1EBF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.reddit.com/user/
    Source: lz4wnSavmK.exe, 00000001.00000002.1780504019.0000023D1E502000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1721648911.0000023D1E502000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.rfc-editor.org/rfc/rfc8259#section-8.1
    Source: lz4wnSavmK.exe, 00000001.00000002.1781213245.0000023D1EBF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.roblox.com/mobileapi/userinfo
    Source: lz4wnSavmK.exe, 00000001.00000002.1781213245.0000023D1EBF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.spotify.com/api/account-settings/v1/profile
    Source: lz4wnSavmK.exe, 00000001.00000002.1781213245.0000023D1EBF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.spotify.com/eg-en/api/account/v1/datalayer/
    Source: lz4wnSavmK.exe, 00000001.00000002.1781213245.0000023D1EBF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.tiktok.com/api/user/list/?count=1&minCursor=0&scene=67&secUid=
    Source: lz4wnSavmK.exe, 00000001.00000002.1781213245.0000023D1EBF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.tiktok.com/passport/web/account/info/
    Source: lz4wnSavmK.exe, 00000001.00000002.1781213245.0000023D1EBF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.twitch.tv/
    Source: lz4wnSavmK.exe, 00000000.00000003.1687743014.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://www.variomedia.de/
    Source: lz4wnSavmK.exe, 00000001.00000002.1781474952.0000023D1F0F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/
    Source: lz4wnSavmK.exe, 00000001.00000002.1781474952.0000023D1F0F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/(
    Source: lz4wnSavmK.exe, 00000001.00000002.1780504019.0000023D1E56F000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1779999453.0000023D1DE80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/0m
    Source: lz4wnSavmK.exe, 00000001.00000002.1781213245.0000023D1EBF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://xbox.com
    Source: lz4wnSavmK.exe, 00000001.00000002.1780504019.0000023D1E56F000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1780351948.0000023D1E2B0000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1722653466.0000023D1E572000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1722484250.0000023D1E2F8000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1721648911.0000023D1E502000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yahoo.com/
    Source: lz4wnSavmK.exe, 00000001.00000002.1781213245.0000023D1EBF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://youtube.com
    Source: _overlapped.pyd.0.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
    Source: unicodedata.pyd.0.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
    Source: python3.dll.0.drStatic PE information: No import functions for PE file found
    Source: lz4wnSavmK.exe, 00000000.00000003.1684434492.000001A0783B6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs lz4wnSavmK.exe
    Source: lz4wnSavmK.exe, 00000000.00000003.1686654453.000001A0783B6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_queue.pyd. vs lz4wnSavmK.exe
    Source: lz4wnSavmK.exe, 00000000.00000003.1687151876.000001A0783B6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_wmi.pyd. vs lz4wnSavmK.exe
    Source: lz4wnSavmK.exe, 00000000.00000003.1686386630.000001A0783B6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_lzma.pyd. vs lz4wnSavmK.exe
    Source: lz4wnSavmK.exe, 00000000.00000003.1685856503.000001A0783B6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_hashlib.pyd. vs lz4wnSavmK.exe
    Source: lz4wnSavmK.exe, 00000000.00000003.1694240825.000001A0783B6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelibsslH vs lz4wnSavmK.exe
    Source: lz4wnSavmK.exe, 00000000.00000003.1686968995.000001A0783B6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_ssl.pyd. vs lz4wnSavmK.exe
    Source: lz4wnSavmK.exe, 00000000.00000003.1684544808.000001A0783B6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140_1.dllT vs lz4wnSavmK.exe
    Source: lz4wnSavmK.exe, 00000000.00000003.1685496067.000001A0783B6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_ctypes.pyd. vs lz4wnSavmK.exe
    Source: lz4wnSavmK.exe, 00000000.00000003.1684723181.000001A0783B6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_bz2.pyd. vs lz4wnSavmK.exe
    Source: lz4wnSavmK.exe, 00000000.00000003.1686573636.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_overlapped.pyd. vs lz4wnSavmK.exe
    Source: lz4wnSavmK.exe, 00000000.00000003.1704860498.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameunicodedata.pyd. vs lz4wnSavmK.exe
    Source: lz4wnSavmK.exe, 00000000.00000003.1686724846.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_socket.pyd. vs lz4wnSavmK.exe
    Source: lz4wnSavmK.exe, 00000000.00000003.1684626741.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_asyncio.pyd. vs lz4wnSavmK.exe
    Source: lz4wnSavmK.exe, 00000000.00000003.1704156864.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamesqlite3.dll0 vs lz4wnSavmK.exe
    Source: lz4wnSavmK.exe, 00000000.00000003.1686499755.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_multiprocessing.pyd. vs lz4wnSavmK.exe
    Source: lz4wnSavmK.exe, 00000000.00000003.1685655997.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_decimal.pyd. vs lz4wnSavmK.exe
    Source: lz4wnSavmK.exe, 00000000.00000003.1695168851.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamepython3.dll. vs lz4wnSavmK.exe
    Source: lz4wnSavmK.exe, 00000000.00000003.1705156674.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamewin32api.pyd0 vs lz4wnSavmK.exe
    Source: lz4wnSavmK.exe, 00000000.00000003.1687080282.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_uuid.pyd. vs lz4wnSavmK.exe
    Source: lz4wnSavmK.exe, 00000000.00000003.1686830794.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_sqlite3.pyd. vs lz4wnSavmK.exe
    Source: lz4wnSavmK.exe, 00000000.00000003.1697953714.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamepywintypes312.dll0 vs lz4wnSavmK.exe
    Source: lz4wnSavmK.exe, 00000000.00000003.1698076537.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameselect.pyd. vs lz4wnSavmK.exe
    Source: lz4wnSavmK.exe, 00000000.00000003.1695047571.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamepyexpat.pyd. vs lz4wnSavmK.exe
    Source: lz4wnSavmK.exe Binary or memory string: OriginalFilename vs lz4wnSavmK.exe
    Source: lz4wnSavmK.exe, 00000001.00000002.1791713879.00007FFE01470000.00000002.00000001.01000000.00000013.sdmp Binary or memory string: OriginalFilenamelibsslH vs lz4wnSavmK.exe
    Source: lz4wnSavmK.exe, 00000001.00000002.1779477181.0000023D1BF70000.00000002.00000001.01000000.00000006.sdmp Binary or memory string: OriginalFilenamepython3.dll. vs lz4wnSavmK.exe
    Source: lz4wnSavmK.exe, 00000001.00000002.1794353406.00007FFE1150E000.00000002.00000001.01000000.0000000B.sdmp Binary or memory string: OriginalFilename_hashlib.pyd. vs lz4wnSavmK.exe
    Source: lz4wnSavmK.exe, 00000001.00000002.1795402257.00007FFE1322C000.00000002.00000001.01000000.00000007.sdmp Binary or memory string: OriginalFilename_ctypes.pyd. vs lz4wnSavmK.exe
    Source: lz4wnSavmK.exe, 00000001.00000002.1787459973.00007FFDFAD70000.00000002.00000001.01000000.00000017.sdmp Binary or memory string: OriginalFilenamesqlite3.dll0 vs lz4wnSavmK.exe
    Source: lz4wnSavmK.exe, 00000001.00000002.1793908994.00007FFE1025D000.00000002.00000001.01000000.00000010.sdmp Binary or memory string: OriginalFilenamepyexpat.pyd. vs lz4wnSavmK.exe
    Source: lz4wnSavmK.exe, 00000001.00000002.1789650589.00007FFDFB91D000.00000002.00000001.01000000.00000004.sdmp Binary or memory string: OriginalFilenamepython312.dll. vs lz4wnSavmK.exe
    Source: lz4wnSavmK.exe, 00000001.00000002.1791231645.00007FFE01331000.00000002.00000001.01000000.00000026.sdmp Binary or memory string: OriginalFilenamewin32api.pyd0 vs lz4wnSavmK.exe
    Source: lz4wnSavmK.exe, 00000001.00000002.1791115156.00007FFE01302000.00000002.00000001.01000000.00000027.sdmp Binary or memory string: OriginalFilenamepywintypes312.dll0 vs lz4wnSavmK.exe
    Source: lz4wnSavmK.exe, 00000001.00000002.1793510487.00007FFE0EB3B000.00000002.00000001.01000000.00000016.sdmp Binary or memory string: OriginalFilename_sqlite3.pyd. vs lz4wnSavmK.exe
    Source: lz4wnSavmK.exe, 00000001.00000002.1788326331.00007FFDFB263000.00000002.00000001.01000000.0000000C.sdmp Binary or memory string: OriginalFilenamelibcryptoH vs lz4wnSavmK.exe
    Source: lz4wnSavmK.exe, 00000001.00000002.1793788120.00007FFE101DF000.00000002.00000001.01000000.00000014.sdmp Binary or memory string: OriginalFilename_asyncio.pyd. vs lz4wnSavmK.exe
    Source: lz4wnSavmK.exe, 00000001.00000002.1794993187.00007FFE126D2000.00000002.00000001.01000000.00000009.sdmp Binary or memory string: OriginalFilename_bz2.pyd. vs lz4wnSavmK.exe
    Source: lz4wnSavmK.exe, 00000001.00000002.1795198383.00007FFE130C7000.00000002.00000001.01000000.0000000F.sdmp Binary or memory string: OriginalFilename_wmi.pyd. vs lz4wnSavmK.exe
    Source: lz4wnSavmK.exe, 00000001.00000002.1795297674.00007FFE13206000.00000002.00000001.01000000.0000000E.sdmp Binary or memory string: OriginalFilenameselect.pyd. vs lz4wnSavmK.exe
    Source: lz4wnSavmK.exe, 00000001.00000002.1794135288.00007FFE11079000.00000002.00000001.01000000.00000028.sdmp Binary or memory string: OriginalFilenamevcruntime140_1.dllT vs lz4wnSavmK.exe
    Source: lz4wnSavmK.exe, 00000001.00000002.1787251719.00007FFDFAC04000.00000002.00000001.01000000.0000001A.sdmp Binary or memory string: OriginalFilenameunicodedata.pyd. vs lz4wnSavmK.exe
    Source: lz4wnSavmK.exe, 00000001.00000002.1794885178.00007FFE120CB000.00000002.00000001.01000000.00000015.sdmp Binary or memory string: OriginalFilename_overlapped.pyd. vs lz4wnSavmK.exe
    Source: lz4wnSavmK.exe, 00000001.00000002.1794026601.00007FFE10313000.00000002.00000001.01000000.0000000D.sdmp Binary or memory string: OriginalFilename_socket.pyd. vs lz4wnSavmK.exe
    Source: lz4wnSavmK.exe, 00000001.00000002.1794247394.00007FFE110F4000.00000002.00000001.01000000.00000023.sdmp Binary or memory string: OriginalFilename_uuid.pyd. vs lz4wnSavmK.exe
    Source: lz4wnSavmK.exe, 00000001.00000002.1793675468.00007FFE0EB69000.00000002.00000001.01000000.00000012.sdmp Binary or memory string: OriginalFilename_ssl.pyd. vs lz4wnSavmK.exe
    Source: lz4wnSavmK.exe, 00000001.00000002.1795593880.00007FFE1A467000.00000002.00000001.01000000.00000005.sdmp Binary or memory string: OriginalFilenamevcruntime140.dllT vs lz4wnSavmK.exe
    Source: lz4wnSavmK.exe, 00000001.00000002.1795095740.00007FFE12E16000.00000002.00000001.01000000.00000011.sdmp Binary or memory string: OriginalFilename_queue.pyd. vs lz4wnSavmK.exe
    Source: lz4wnSavmK.exe, 00000001.00000002.1794486341.00007FFE11545000.00000002.00000001.01000000.0000000A.sdmp Binary or memory string: OriginalFilename_lzma.pyd. vs lz4wnSavmK.exe
    Source: classification engine Classification label: mal52.troj.winEXE@3/109@0/2
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72522
    Source: lz4wnSavmK.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Architecture FROM Win32_Processor
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: lz4wnSavmK.exe, 00000001.00000002.1787400841.00007FFDFAD3E000.00000002.00000001.01000000.00000017.sdmp Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
    Source: lz4wnSavmK.exe, 00000001.00000002.1781084199.0000023D1E9F0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: SELECT item1, item2 FROM metadata;
    Source: lz4wnSavmK.exe, 00000001.00000002.1787400841.00007FFDFAD3E000.00000002.00000001.01000000.00000017.sdmp Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
    Source: lz4wnSavmK.exe, 00000001.00000002.1787400841.00007FFDFAD3E000.00000002.00000001.01000000.00000017.sdmp Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
    Source: lz4wnSavmK.exe, 00000001.00000002.1787400841.00007FFDFAD3E000.00000002.00000001.01000000.00000017.sdmp Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
    Source: lz4wnSavmK.exe, lz4wnSavmK.exe, 00000001.00000002.1787400841.00007FFDFAD3E000.00000002.00000001.01000000.00000017.sdmp Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
    Source: lz4wnSavmK.exe, 00000001.00000002.1787400841.00007FFDFAD3E000.00000002.00000001.01000000.00000017.sdmp Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
    Source: lz4wnSavmK.exe, 00000001.00000002.1781084199.0000023D1E9F0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: SELECT a11, a102 FROM nssPrivate WHERE a102 = ?;
    Source: lz4wnSavmK.exe, 00000001.00000002.1787400841.00007FFDFAD3E000.00000002.00000001.01000000.00000017.sdmp Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
    Source: lz4wnSavmK.exe ReversingLabs: Detection: 42%
    Source: lz4wnSavmK.exe String found in binary or memory: can't send non-None value to a just-started generator
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File read: C:\Users\user\Desktop\lz4wnSavmK.exe
    Source: unknown Process created: C:\Users\user\Desktop\lz4wnSavmK.exe "C:\Users\user\Desktop\lz4wnSavmK.exe"
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Process created: C:\Users\user\Desktop\lz4wnSavmK.exe "C:\Users\user\Desktop\lz4wnSavmK.exe"
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Section loaded: uxtheme.dll
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Section loaded: kernel.appcore.dll
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Section loaded: version.dll
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Section loaded: vcruntime140.dll
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Section loaded: libffi-8.dll
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Section loaded: libcrypto-3.dll
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Section loaded: iphlpapi.dll
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Section loaded: propsys.dll
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Section loaded: libssl-3.dll
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Section loaded: mswsock.dll
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Section loaded: sqlite3.dll
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Section loaded: kernel.appcore.dll
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Section loaded: uxtheme.dll
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Section loaded: wbemcomn.dll
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Section loaded: amsi.dll
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Section loaded: userenv.dll
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Section loaded: profapi.dll
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Section loaded: wbemcomn.dll
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Section loaded: msasn1.dll
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Section loaded: powrprof.dll
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Section loaded: pdh.dll
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Section loaded: umpdc.dll
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Section loaded: wtsapi32.dll
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Section loaded: pywintypes312.dll
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Section loaded: vcruntime140_1.dll
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Section loaded: secur32.dll
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Section loaded: sspicli.dll
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32
    Source: lz4wnSavmK.exe Static PE information: Image base 0x140000000 > 0x60000000
    Source: lz4wnSavmK.exe Static file information: File size 18082384 > 1048576
    Source: lz4wnSavmK.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
    Source: lz4wnSavmK.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
    Source: lz4wnSavmK.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
    Source: lz4wnSavmK.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: lz4wnSavmK.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
    Source: lz4wnSavmK.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
    Source: lz4wnSavmK.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
    Source: lz4wnSavmK.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: Binary string: D:\a\1\b\bin\amd64\python312.pdb source: lz4wnSavmK.exe, 00000001.00000002.1788703663.00007FFDFB684000.00000002.00000001.01000000.00000004.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: lz4wnSavmK.exe, 00000000.00000003.1704860498.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1787038304.00007FFDFABFF000.00000002.00000001.01000000.0000001A.sdmp
    Source: Binary string: cryptography_rust.pdbc source: lz4wnSavmK.exe, 00000001.00000002.1786670466.00007FFDFA0BA000.00000002.00000001.01000000.00000029.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
    Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC source: lz4wnSavmK.exe, 00000001.00000002.1787982916.00007FFDFB122000.00000002.00000001.01000000.0000000C.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_overlapped.pdb source: lz4wnSavmK.exe, 00000000.00000003.1686573636.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1794842353.00007FFE120C6000.00000002.00000001.01000000.00000015.sdmp
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: lz4wnSavmK.exe, 00000000.00000003.1684434492.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1795550062.00007FFE1A461000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: lz4wnSavmK.exe, 00000000.00000003.1684434492.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1795550062.00007FFE1A461000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\sqlite3.pdb source: lz4wnSavmK.exe, 00000001.00000002.1787400841.00007FFDFAD3E000.00000002.00000001.01000000.00000017.sdmp
    Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-312\Release\pywintypes.pdb source: lz4wnSavmK.exe, 00000001.00000002.1791049944.00007FFE012F1000.00000002.00000001.01000000.00000027.sdmp, pywintypes312.dll.0.dr
    Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-312\Release\pywintypes.pdb** source: lz4wnSavmK.exe, 00000001.00000002.1791049944.00007FFE012F1000.00000002.00000001.01000000.00000027.sdmp, pywintypes312.dll.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_multiprocessing.pdb source: lz4wnSavmK.exe, 00000000.00000003.1686499755.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, _multiprocessing.pyd.0.dr
    Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: lz4wnSavmK.exe, 00000001.00000002.1786670466.00007FFDFA0BA000.00000002.00000001.01000000.00000029.sdmp
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: lz4wnSavmK.exe, 00000000.00000003.1684544808.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1794092458.00007FFE11075000.00000002.00000001.01000000.00000028.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: lz4wnSavmK.exe, 00000000.00000003.1698076537.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1795257794.00007FFE13203000.00000002.00000001.01000000.0000000E.sdmp, select.pyd.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_ctypes.pdb source: lz4wnSavmK.exe, 00000001.00000002.1795361278.00007FFE13221000.00000002.00000001.01000000.00000007.sdmp, _ctypes.pyd.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: lz4wnSavmK.exe, 00000000.00000003.1685856503.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1794312623.00007FFE11507000.00000002.00000001.01000000.0000000B.sdmp, _hashlib.pyd.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb$$ source: _decimal.pyd.0.dr
    Source: Binary string: D:\a\1\b\libssl-3.pdbEE source: lz4wnSavmK.exe, 00000001.00000002.1791623570.00007FFE01435000.00000002.00000001.01000000.00000013.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: lz4wnSavmK.exe, 00000000.00000003.1686386630.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1794421790.00007FFE1153C000.00000002.00000001.01000000.0000000A.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_asyncio.pdb source: lz4wnSavmK.exe, 00000000.00000003.1684626741.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1793742340.00007FFE101D8000.00000002.00000001.01000000.00000014.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_uuid.pdb source: lz4wnSavmK.exe, 00000000.00000003.1687080282.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1794204498.00007FFE110F2000.00000002.00000001.01000000.00000023.sdmp, _uuid.pyd.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\pyexpat.pdb source: lz4wnSavmK.exe, 00000001.00000002.1793861068.00007FFE10252000.00000002.00000001.01000000.00000010.sdmp, pyexpat.pyd.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: lz4wnSavmK.exe, 00000000.00000003.1686654453.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1795054356.00007FFE12E13000.00000002.00000001.01000000.00000011.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: lz4wnSavmK.exe, 00000000.00000003.1686386630.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1794421790.00007FFE1153C000.00000002.00000001.01000000.0000000A.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: lz4wnSavmK.exe, 00000000.00000003.1684723181.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1794952052.00007FFE126CD000.00000002.00000001.01000000.00000009.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb source: lz4wnSavmK.exe, 00000000.00000003.1687151876.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1795157387.00007FFE130C4000.00000002.00000001.01000000.0000000F.sdmp, _wmi.pyd.0.dr
    Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-312\Release\win32api.pdb!! source: lz4wnSavmK.exe, 00000001.00000002.1791188852.00007FFE01323000.00000002.00000001.01000000.00000026.sdmp, win32api.pyd.0.dr
    Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-312\Release\win32api.pdb source: lz4wnSavmK.exe, 00000001.00000002.1791188852.00007FFE01323000.00000002.00000001.01000000.00000026.sdmp, win32api.pyd.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: lz4wnSavmK.exe, 00000000.00000003.1686724846.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1793983444.00007FFE10309000.00000002.00000001.01000000.0000000D.sdmp, _socket.pyd.0.dr
    Source: Binary string: cryptography_rust.pdb source: lz4wnSavmK.exe, 00000001.00000002.1786670466.00007FFDFA0BA000.00000002.00000001.01000000.00000029.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb''&GCTL source: lz4wnSavmK.exe, 00000000.00000003.1687151876.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1795157387.00007FFE130C4000.00000002.00000001.01000000.0000000F.sdmp, _wmi.pyd.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_sqlite3.pdb source: lz4wnSavmK.exe, 00000001.00000002.1793465071.00007FFE0EB2F000.00000002.00000001.01000000.00000016.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\python3.pdb source: lz4wnSavmK.exe, 00000000.00000003.1695168851.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1779477181.0000023D1BF70000.00000002.00000001.01000000.00000006.sdmp
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: lz4wnSavmK.exe, 00000000.00000003.1684544808.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1794092458.00007FFE11075000.00000002.00000001.01000000.00000028.sdmp
    Source: Binary string: D:\a\1\b\libssl-3.pdb source: lz4wnSavmK.exe, 00000001.00000002.1791623570.00007FFE01435000.00000002.00000001.01000000.00000013.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: lz4wnSavmK.exe, 00000001.00000002.1793578231.00007FFE0EB4D000.00000002.00000001.01000000.00000012.sdmp, _ssl.pyd.0.dr
    Source: lz4wnSavmK.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
    Source: lz4wnSavmK.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
    Source: lz4wnSavmK.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
    Source: lz4wnSavmK.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
    Source: lz4wnSavmK.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
    Source: python312.dll.0.dr Static PE information: section name: PyRuntim
    Source: VCRUNTIME140.dll.0.dr Static PE information: section name: _RDATA
    Source: libcrypto-3.dll.0.dr Static PE information: section name: .00cfg
    Source: libssl-3.dll.0.dr Static PE information: section name: .00cfg
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Code function: 1_2_00007FFE013B1D7B push rcx; retf 1_2_00007FFE013B1D7C
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Cipher\_Salsa20.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72522\_multiprocessing.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Hash\_SHA256.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72522\aiohttp\_websocket\mask.cp312-win_amd64.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72522\_decimal.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\PublicKey\_ed25519.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\PublicKey\_ec_ws.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72522\python3.dll
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72522\python312.dll
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Hash\_BLAKE2b.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\PublicKey\_ed448.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Cipher\_raw_cbc.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72522\libffi-8.dll
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Hash\_SHA1.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Hash\_ghash_portable.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Cipher\_ARC4.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\PublicKey\_curve25519.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72522\_ssl.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72522\_socket.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72522\_uuid.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72522\aiohttp\_http_parser.cp312-win_amd64.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Hash\_SHA224.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Hash\_SHA512.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Cipher\_chacha20.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Util\_strxor.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72522\_hashlib.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72522\propcache\_helpers_c.cp312-win_amd64.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Hash\_ghash_clmul.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72522\_queue.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72522\charset_normalizer\md__mypyc.cp312-win_amd64.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72522\sqlite3.dll
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72522\pyexpat.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72522\_sqlite3.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Cipher\_raw_ctr.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Cipher\_raw_cast.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Cipher\_raw_eksblowfish.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Cipher\_raw_aesni.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72522\libssl-3.dll
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Hash\_MD5.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72522\yarl\_quoting_c.cp312-win_amd64.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Protocol\_scrypt.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72522\multidict\_multidict.cp312-win_amd64.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Cipher\_raw_des3.pydJump to dropped file
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72522\aiohttp\_http_writer.cp312-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Hash\_MD4.pydJump to dropped file
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72522\psutil\_psutil_windows.pydJump to dropped file
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Hash\_SHA384.pydJump to dropped file
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Cipher\_raw_arc2.pydJump to dropped file
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72522\frozenlist\_frozenlist.cp312-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72522\libcrypto-3.dll
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Hash\_BLAKE2s.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72522\pywin32_system32\pywintypes312.dll
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Hash\_poly1305.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Math\_modexp.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72522\_cffi_backend.cp312-win_amd64.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Cipher\_raw_cfb.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Hash\_MD2.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72522\aiohttp\_websocket\reader_c.cp312-win_amd64.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Cipher\_raw_blowfish.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Cipher\_raw_ecb.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72522\_bz2.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72522\_asyncio.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72522\_lzma.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72522\_wmi.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72522\_overlapped.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Util\_cpuid_c.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72522\VCRUNTIME140_1.dll
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Hash\_RIPEMD160.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72522\cryptography\hazmat\bindings\_rust.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72522\_ctypes.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\PublicKey\_curve448.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72522\unicodedata.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72522\select.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Cipher\_raw_aes.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72522\win32\win32api.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72522\charset_normalizer\md.cp312-win_amd64.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Cipher\_raw_des.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Cipher\_raw_ocb.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72522\VCRUNTIME140.dll
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Cipher\_raw_ofb.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Cipher\_pkcs1_decode.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Hash\_keccak.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File created: C:\Users\user\AppData\Local\Temp\_MEI72522\setuptools\_vendor\wheel-0.43.0.dist-info\LICENSE.txt
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeCode function: 0_2_00007FF77C6376B0 GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,0_2_00007FF77C6376B0
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Cipher\_Salsa20.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72522\_multiprocessing.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Hash\_SHA256.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72522\aiohttp\_websocket\mask.cp312-win_amd64.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72522\_decimal.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\PublicKey\_ed25519.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\PublicKey\_ec_ws.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\PublicKey\_ed448.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72522\python312.dll
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Hash\_BLAKE2b.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72522\python3.dll
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Cipher\_raw_cbc.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Hash\_ghash_portable.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Hash\_SHA1.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\PublicKey\_curve25519.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Cipher\_ARC4.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72522\_ssl.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72522\_socket.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72522\_uuid.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72522\aiohttp\_http_parser.cp312-win_amd64.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Hash\_SHA224.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Hash\_SHA512.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72522\propcache\_helpers_c.cp312-win_amd64.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72522\_hashlib.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Cipher\_chacha20.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Util\_strxor.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72522\_queue.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Hash\_ghash_clmul.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72522\charset_normalizer\md__mypyc.cp312-win_amd64.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72522\pyexpat.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72522\_sqlite3.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Cipher\_raw_ctr.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Cipher\_raw_cast.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Cipher\_raw_eksblowfish.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Cipher\_raw_aesni.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72522\yarl\_quoting_c.cp312-win_amd64.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Hash\_MD5.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72522\multidict\_multidict.cp312-win_amd64.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Protocol\_scrypt.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Cipher\_raw_des3.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72522\aiohttp\_http_writer.cp312-win_amd64.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Hash\_MD4.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72522\psutil\_psutil_windows.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Hash\_SHA384.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Cipher\_raw_arc2.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72522\frozenlist\_frozenlist.cp312-win_amd64.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Hash\_BLAKE2s.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Hash\_poly1305.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Math\_modexp.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72522\_cffi_backend.cp312-win_amd64.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Cipher\_raw_cfb.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Hash\_MD2.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72522\aiohttp\_websocket\reader_c.cp312-win_amd64.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72522\_bz2.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Cipher\_raw_blowfish.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Cipher\_raw_ecb.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72522\_asyncio.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72522\_lzma.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72522\_wmi.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72522\_overlapped.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Util\_cpuid_c.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Hash\_RIPEMD160.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72522\cryptography\hazmat\bindings\_rust.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72522\_ctypes.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\PublicKey\_curve448.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72522\unicodedata.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72522\select.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72522\win32\win32api.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Cipher\_raw_aes.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72522\charset_normalizer\md.cp312-win_amd64.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Cipher\_raw_des.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Cipher\_raw_ocb.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Cipher\_pkcs1_decode.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Hash\_keccak.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Cipher\_raw_ofb.pyd
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Check user administrative privileges: GetTokenInformation,DecisionNodes graph_0-18278
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe API coverage: 1.3 %
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Architecture FROM Win32_Processor
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File Volume queried: C:\ FullSizeInformation
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File Volume queried: \Device\CdRom0\ FullSizeInformation
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe File Volume queried: C:\ FullSizeInformation
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Code function: 0_2_00007FF77C6392F0 FindFirstFileExW,FindClose,0_2_00007FF77C6392F0
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Code function: 0_2_00007FF77C6383B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00007FF77C6383B0
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Code function: 0_2_00007FF77C6518E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF77C6518E4
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Code function: 1_2_00007FF77C6392F0 FindFirstFileExW,FindClose,1_2_00007FF77C6392F0
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Code function: 1_2_00007FF77C6518E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,1_2_00007FF77C6518E4
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Code function: 1_2_00007FF77C6383B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,1_2_00007FF77C6383B0
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Code function: 1_2_00007FFDFAC20180 GetSystemInfo,1_2_00007FFDFAC20180
    Source: lz4wnSavmK.exe, 00000000.00000003.1688454426.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, cacert.pem.0.dr Binary or memory string: j2aTPs+9xYa9+bG3tD60B8jzljHz7aRP+KNOjSkVWLjVb3/ubCK1sK9IRQq9qEmU
    Source: lz4wnSavmK.exe, 00000001.00000002.1781213245.0000023D1EBF0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: VMware
    Source: lz4wnSavmK.exe, 00000001.00000002.1781213245.0000023D1EBF0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: dqemu-ga
    Source: lz4wnSavmK.exe, 00000001.00000002.1781213245.0000023D1EBF0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: fvmwaretray
    Source: lz4wnSavmK.exe, 00000001.00000002.1781213245.0000023D1EBF0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vboxservice
    Source: lz4wnSavmK.exe, 00000001.00000002.1781213245.0000023D1EBF0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmwareuser
    Source: lz4wnSavmK.exe, 00000001.00000002.1779502514.0000023D1C003000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
    Source: lz4wnSavmK.exe, 00000001.00000002.1781213245.0000023D1EBF0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmsrvc
    Source: lz4wnSavmK.exe, 00000001.00000002.1781213245.0000023D1EBF0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: fvmware
    Source: lz4wnSavmK.exe, 00000001.00000002.1781213245.0000023D1EBF0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmwaretray
    Source: lz4wnSavmK.exe, 00000001.00000002.1781213245.0000023D1EBF0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: VMware Tools
    Source: lz4wnSavmK.exe, 00000001.00000002.1781213245.0000023D1EBF0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: .fvboxtray
    Source: lz4wnSavmK.exe, 00000001.00000002.1781213245.0000023D1EBF0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: fvmtoolsd
    Source: cacert.pem.0.dr Binary or memory string: zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd
    Source: lz4wnSavmK.exe, 00000001.00000002.1781213245.0000023D1EBF0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: ',.fvboxservice
    Source: lz4wnSavmK.exe, 00000001.00000002.1781213245.0000023D1EBF0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vboxtray
    Source: lz4wnSavmK.exe, 00000001.00000002.1781213245.0000023D1EBF0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: qemu-ga
    Source: lz4wnSavmK.exe, 00000001.00000003.1721648911.0000023D1E502000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: vmware
    Source: lz4wnSavmK.exe, 00000001.00000002.1781213245.0000023D1EBF0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: fVMware
    Source: lz4wnSavmK.exe, 00000001.00000002.1781213245.0000023D1EBF0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: Gdfvmsrvc
    Source: lz4wnSavmK.exe, 00000001.00000002.1781213245.0000023D1EBF0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmusrvc
    Source: lz4wnSavmK.exe, 00000001.00000002.1781213245.0000023D1EBF0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: dvmhgfs.sys
    Source: lz4wnSavmK.exe, 00000001.00000002.1781213245.0000023D1EBF0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: fqemu
    Source: lz4wnSavmK.exe, 00000001.00000002.1781213245.0000023D1EBF0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmhgfs.sys
    Source: lz4wnSavmK.exe, 00000001.00000002.1781213245.0000023D1EBF0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: dVMware Tools
    Source: lz4wnSavmK.exe, 00000001.00000002.1781213245.0000023D1EBF0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmtoolsd
    Source: lz4wnSavmK.exe, 00000001.00000002.1781213245.0000023D1EBF0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: fvmwareuser
    Source: lz4wnSavmK.exe, 00000001.00000002.1781213245.0000023D1EBF0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: fvmusrvc
    Source: lz4wnSavmK.exe, 00000001.00000002.1781213245.0000023D1EBF0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmmouse.sys
    Source: lz4wnSavmK.exe, 00000001.00000002.1781213245.0000023D1EBF0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: dvmmouse.sys
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Process information queried: ProcessInformation
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Code function: 0_2_00007FF77C64A684 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF77C64A684
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Code function: 0_2_00007FF77C6534F0 GetProcessHeap,0_2_00007FF77C6534F0
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Process token adjusted: Debug
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Process token adjusted: Debug
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Code function: 0_2_00007FF77C64A684 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF77C64A684
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Code function: 0_2_00007FF77C63C910 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF77C63C910
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Code function: 0_2_00007FF77C63D19C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF77C63D19C
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Code function: 0_2_00007FF77C63D37C SetUnhandledExceptionFilter,0_2_00007FF77C63D37C
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Code function: 1_2_00007FF77C64A684 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FF77C64A684
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Code function: 1_2_00007FF77C63C910 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FF77C63C910
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Code function: 1_2_00007FF77C63D19C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FF77C63D19C
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Code function: 1_2_00007FF77C63D37C SetUnhandledExceptionFilter,1_2_00007FF77C63D37C
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Code function: 1_2_00007FFDFAAF3068 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFDFAAF3068
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Code function: 1_2_00007FFDFAAF2AA0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFDFAAF2AA0
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Code function: 1_2_00007FFDFAD3CAF0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFDFAD3CAF0
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Code function: 1_2_00007FFDFF3F1960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFDFF3F1960
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Code function: 1_2_00007FFDFF3F1390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFDFF3F1390
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Code function: 1_2_00007FFDFF691390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFDFF691390
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Code function: 1_2_00007FFDFF691960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFDFF691960
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Code function: 1_2_00007FFDFF6A1030 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFDFF6A1030
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Code function: 1_2_00007FFDFF6A1A80 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFDFF6A1A80
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Code function: 1_2_00007FFDFF6C1390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFDFF6C1390
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Code function: 1_2_00007FFDFF6C1960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFDFF6C1960
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeCode function: 1_2_00007FFDFF6D1390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFDFF6D1390
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeCode function: 1_2_00007FFDFF6D1960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFDFF6D1960
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeCode function: 1_2_00007FFDFF6E1390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFDFF6E1390
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeCode function: 1_2_00007FFDFF6E1960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFDFF6E1960
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeCode function: 1_2_00007FFE00281960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFE00281960
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Process created: C:\Users\user\Desktop\lz4wnSavmK.exe "C:\Users\user\Desktop\lz4wnSavmK.exe"
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Code function: 0_2_00007FF77C6595E0 cpuid
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Cipher VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Cipher VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Cipher VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Cipher VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Cipher VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Hash VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Hash VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Hash VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Hash VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\PublicKey VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Util VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\aiohttp VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\aiohttp\_websocket VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\attrs-24.2.0.dist-info VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\attrs-24.2.0.dist-info VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\attrs-24.2.0.dist-info VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\attrs-24.2.0.dist-info VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\certifi VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\charset_normalizer VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\cryptography-43.0.3.dist-info VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\cryptography-43.0.3.dist-info VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\cryptography-43.0.3.dist-info VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\cryptography-43.0.3.dist-info VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\cryptography-43.0.3.dist-info\license_files VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\cryptography-43.0.3.dist-info VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\cryptography-43.0.3.dist-info\license_files VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\setuptools VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\setuptools\_vendor VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\setuptools VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\setuptools VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\setuptools\_vendor VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\setuptools VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\setuptools\_vendor VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\setuptools VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\setuptools\_vendor VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\setuptools VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\setuptools\_vendor VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\setuptools VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\setuptools\_vendor VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\setuptools\_vendor\wheel-0.43.0.dist-info VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\setuptools VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\setuptools\_vendor\wheel-0.43.0.dist-info VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\setuptools VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\setuptools VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\setuptools\_vendor VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\setuptools\_vendor\wheel-0.43.0.dist-info VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\Desktop\lz4wnSavmK.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\Desktop\lz4wnSavmK.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\_ctypes.pyd VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\Desktop\lz4wnSavmK.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\Desktop\lz4wnSavmK.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\Desktop\lz4wnSavmK.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\Desktop\lz4wnSavmK.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\Desktop\lz4wnSavmK.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\Desktop\lz4wnSavmK.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\_bz2.pyd VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\Desktop\lz4wnSavmK.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\_lzma.pyd VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\Desktop\lz4wnSavmK.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\Desktop\lz4wnSavmK.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\Desktop\lz4wnSavmK.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\Desktop\lz4wnSavmK.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\Desktop\lz4wnSavmK.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\Desktop\lz4wnSavmK.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\Desktop\lz4wnSavmK.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\Desktop\lz4wnSavmK.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\Desktop\lz4wnSavmK.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\Desktop\lz4wnSavmK.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\Desktop\lz4wnSavmK.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\Desktop\lz4wnSavmK.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\Desktop\lz4wnSavmK.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\Desktop\lz4wnSavmK.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\Desktop\lz4wnSavmK.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\Desktop\lz4wnSavmK.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\Desktop\lz4wnSavmK.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\Desktop\lz4wnSavmK.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\Desktop\lz4wnSavmK.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\Desktop\lz4wnSavmK.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\Desktop\lz4wnSavmK.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\Desktop\lz4wnSavmK.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\Desktop\lz4wnSavmK.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\Desktop\lz4wnSavmK.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\Desktop\lz4wnSavmK.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\Desktop\lz4wnSavmK.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\Desktop\lz4wnSavmK.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\Desktop\lz4wnSavmK.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\Desktop\lz4wnSavmK.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\Desktop\lz4wnSavmK.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\Desktop\lz4wnSavmK.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\win32 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\pywin32_system32 VolumeInformation
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\_hashlib.pyd VolumeInformation
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\_socket.pyd VolumeInformation
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\select.pyd VolumeInformation
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\base_library.zip VolumeInformation
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\_wmi.pyd VolumeInformation
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\pyexpat.pyd VolumeInformation
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\setuptools\_vendor VolumeInformation
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\setuptools\_vendor\jaraco VolumeInformation
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\_queue.pyd VolumeInformation
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\_ssl.pyd VolumeInformation
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\setuptools\_vendor\jaraco\text\Lorem ipsum.txt VolumeInformation
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\setuptools VolumeInformation
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\_asyncio.pyd VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\Desktop\lz4wnSavmK.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\Desktop\lz4wnSavmK.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\Desktop\lz4wnSavmK.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\Desktop\lz4wnSavmK.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\Desktop\lz4wnSavmK.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\Desktop\lz4wnSavmK.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\Desktop\lz4wnSavmK.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\Desktop\lz4wnSavmK.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\Desktop\lz4wnSavmK.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\Desktop\lz4wnSavmK.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\_overlapped.pyd VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\Desktop\lz4wnSavmK.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\Desktop\lz4wnSavmK.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\Desktop\lz4wnSavmK.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\Desktop\lz4wnSavmK.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\Desktop\lz4wnSavmK.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\Desktop\lz4wnSavmK.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\_sqlite3.pyd VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\Desktop\lz4wnSavmK.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\Desktop\lz4wnSavmK.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\Desktop\lz4wnSavmK.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\Desktop\lz4wnSavmK.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\Desktop\lz4wnSavmK.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\Desktop\lz4wnSavmK.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\Desktop\lz4wnSavmK.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\Desktop\lz4wnSavmK.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\Desktop\lz4wnSavmK.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\win32 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\pywin32_system32 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\setuptools\_vendor VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\win32 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\pywin32_system32 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\win32 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72522\setuptools\_vendor VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\Desktop\lz4wnSavmK.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\Desktop\lz4wnSavmK.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\Desktop\lz4wnSavmK.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\Desktop\lz4wnSavmK.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\Desktop\lz4wnSavmK.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\Desktop\lz4wnSavmK.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exeQueries volume information: C:\Users\user\Desktop\lz4wnSavmK.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Code function: 0_2_00007FF77C63D080 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF77C63D080
    Source: C:\Users\user\Desktop\lz4wnSavmK.exe Code function: 0_2_00007FF77C655C70 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,0_2_00007FF77C655C70

    Stealing of Sensitive Information

    Source: Yara match File source: Process Memory Space: lz4wnSavmK.exe PID: 7300, type: MEMORYSTR

    Remote Access Functionality

    Source: Yara match File source: Process Memory Space: lz4wnSavmK.exe PID: 7300, type: MEMORYSTR
    Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
    Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 11 Windows Management Instrumentation | 1 DLL Side-Loading | 11 Process Injection | 1 Virtualization/Sandbox Evasion | OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
    Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 11 Process Injection | LSASS Memory | 31 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
    Email Addresses | DNS Server | Domain Accounts | 1 Native API | Logon Script (Windows) | Logon Script (Windows) | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 1 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
    Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 2 Obfuscated Files or Information | NTDS | 1 Process Discovery | Distributed Component Object Model | Input Capture | 1 Application Layer Protocol | Traffic Duplication | Data Destruction
    Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
    Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Steganography | Cached Domain Credentials | 25 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
    Source | Detection | Scanner | Label | Link
    lz4wnSavmK.exe | 42% | ReversingLabs | Win64.Trojan.Generic |
    No Antivirus matches
    No Antivirus matches
    No contacted domains info
                                                                                        high
                                                                                        https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxylz4wnSavmK.exe, 00000001.00000002.1781339387.0000023D1EE10000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                        • Avira URL Cloud: safe
                                                                                        unknown
                                                                                        https://github.com/python-attrs/attrs/issues/1330)lz4wnSavmK.exe, 00000000.00000003.1687743014.000001A0783C4000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1687956062.000001A0783C5000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1687743014.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drfalse
                                                                                          high
                                                                                          https://pypi.org/project/build/).lz4wnSavmK.exe, 00000001.00000002.1781149147.0000023D1EAF0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.3lz4wnSavmK.exe, 00000001.00000002.1781474952.0000023D1F0F0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.2lz4wnSavmK.exe, 00000001.00000002.1781474952.0000023D1F0F0000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1781407808.0000023D1EF60000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                https://wwww.certigna.fr/autorites/0mlz4wnSavmK.exe, 00000001.00000002.1780504019.0000023D1E56F000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1779999453.0000023D1DE80000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  https://github.com/pypa/wheellz4wnSavmK.exe, 00000000.00000003.1700587052.000001A0783B9000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drfalse
                                                                                                    high
                                                                                                    https://www.python.org/dev/peps/pep-0427/lz4wnSavmK.exe, 00000000.00000003.1700587052.000001A0783B9000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drfalse
                                                                                                      high
                                                                                                      https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/readerlz4wnSavmK.exe, 00000001.00000002.1779810317.0000023D1DC40000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1708416694.0000023D1C05F000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1707217368.0000023D1DC46000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1707155735.0000023D1DC4E000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1708780612.0000023D1C05F000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1710995990.0000023D1C05F000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1709094694.0000023D1C05F000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1779502514.0000023D1C05F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://instagram.comlz4wnSavmK.exe, 00000001.00000002.1781213245.0000023D1EBF0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://github.com/python/cpython/issues/86361.lz4wnSavmK.exe, 00000001.00000003.1714144801.0000023D1DFB2000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1718708610.0000023D1DFB2000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1711640674.0000023D1DEBB000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1722821384.0000023D1DF3D000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1779999453.0000023D1DE80000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1717256810.0000023D1DFB2000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1713760386.0000023D1DFB2000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1715779434.0000023D1DFB2000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1712146990.0000023D1E310000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1711302743.0000023D1E310000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1713115040.0000023D1DFB2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            http://mail.python.org/pipermail/python-dev/2012-June/120787.html.lz4wnSavmK.exe, 00000001.00000002.1783388416.0000023D1FA00000.00000004.00001000.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1781660325.0000023D1F303000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://httpbin.org/lz4wnSavmK.exe, 00000001.00000003.1723458510.0000023D1E685000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://www.apache.org/licenses/lz4wnSavmK.exe, 00000000.00000003.1689479571.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, LICENSE.APACHE.0.drfalse
                                                                                                                  high
                                                                                                                  https://github.com/pyca/cryptography/workflows/CI/badge.svg?branch=mainlz4wnSavmK.exe, 00000000.00000003.1689106912.000001A0783B6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    https://cryptography.io/en/latest/faq/#why-can-t-i-import-my-pem-filelz4wnSavmK.exe, 00000001.00000002.1786670466.00007FFDFA0BA000.00000002.00000001.01000000.00000029.sdmpfalse
                                                                                                                    • Avira URL Cloud: safe
                                                                                                                    unknown
                                                                                                                    https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.exec_modulelz4wnSavmK.exe, 00000001.00000002.1779734852.0000023D1DB40000.00000004.00001000.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1707217368.0000023D1DC46000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1707155735.0000023D1DC4E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://docs.python.org/3/library/importlib.html#importlib.abc.MetaPathFinder.invalidate_cacheslz4wnSavmK.exe, 00000001.00000002.1779734852.0000023D1DB40000.00000004.00001000.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1707217368.0000023D1DC46000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1707155735.0000023D1DC4E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://filepreviews.io/lz4wnSavmK.exe, 00000000.00000003.1687743014.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drfalse
                                                                                                                        • Avira URL Cloud: safe
                                                                                                                        unknown
                                                                                                                        https://twitch.tvlz4wnSavmK.exe, 00000001.00000002.1781213245.0000023D1EBF0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://www.attrs.org/en/stable/why.html#data-classes)lz4wnSavmK.exe, 00000000.00000003.1687743014.000001A0783C4000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000000.00000003.1687743014.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drfalse
                                                                                                                          • Avira URL Cloud: safe
                                                                                                                          unknown
                                                                                                                          https://img.shields.io/badge/skeleton-2024-informationallz4wnSavmK.exe, 00000000.00000003.1698413661.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                                            high
                                                                                                                            https://packaging.python.org/en/latest/specifications/pyproject-toml/#declaring-project-metadata-thelz4wnSavmK.exe, 00000001.00000002.1779999453.0000023D1DE80000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1723480325.0000023D1DEAA000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1722821384.0000023D1DE8B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535lz4wnSavmK.exe, 00000001.00000002.1780351948.0000023D1E2B0000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1780862294.0000023D1E66E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://cryptography.io/en/latest/installation/lz4wnSavmK.exe, 00000000.00000003.1689106912.000001A0783B6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://github.com/pypa/setuptools/issues/417#issuecomment-392298401lz4wnSavmK.exe, 00000001.00000002.1781015744.0000023D1E8D0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    http://crl.securetrust.com/STCA.crllz4wnSavmK.exe, 00000001.00000002.1780862294.0000023D1E66E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0lz4wnSavmK.exe, 00000001.00000002.1781474952.0000023D1F0F0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        http://tools.ietf.org/html/rfc6125#section-6.4.3lz4wnSavmK.exe, 00000001.00000002.1781339387.0000023D1EE10000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://www.attrs.org/en/stable/changelog.htmllz4wnSavmK.exe, 00000000.00000003.1687743014.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drfalse
                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                          unknown
                                                                                                                                          https://discord.com/api/v6/guilds/lz4wnSavmK.exe, 00000001.00000002.1781213245.0000023D1EBF0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://uguu.se/api.php?d=uploadrlz4wnSavmK.exe, 00000001.00000003.1722653466.0000023D1E572000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1721648911.0000023D1E502000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                            unknown
                                                                                                                                            https://www.variomedia.de/lz4wnSavmK.exe, 00000000.00000003.1687743014.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drfalse
                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                            unknown
                                                                                                                                            http://www.cert.fnmt.es/dpcs/lz4wnSavmK.exe, 00000001.00000002.1781474952.0000023D1F0F0000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1780504019.0000023D1E5F5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://google.com/maillz4wnSavmK.exe, 00000001.00000002.1780504019.0000023D1E56F000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1780351948.0000023D1E2B0000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1722653466.0000023D1E572000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1722484250.0000023D1E2F8000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1721648911.0000023D1E502000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://img.shields.io/pypi/v/importlib_metadata.svglz4wnSavmK.exe, 00000000.00000003.1698413661.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                                                                  high
                                                                                                                                                  https://github.com/jaraco/jaraco.functools/issues/5lz4wnSavmK.exe, 00000001.00000002.1780951794.0000023D1E7D0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    http://www.accv.es00lz4wnSavmK.exe, 00000001.00000002.1781474952.0000023D1F0F0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                                    unknown
                                                                                                                                                    http://www.rfc-editor.org/info/rfc7253lz4wnSavmK.exe, 00000001.00000002.1781660325.0000023D1F38B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://github.com/pyca/cryptography/issueslz4wnSavmK.exe, 00000000.00000003.1689106912.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1786670466.00007FFDFA0BA000.00000002.00000001.01000000.00000029.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.lz4wnSavmK.exe, 00000001.00000003.1721648911.0000023D1E5F9000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1780504019.0000023D1E502000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1721648911.0000023D1E502000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://www.attrs.org/METADATA0.0.drfalse
                                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                                          unknown
                                                                                                                                                          https://mahler:8092/site-updates.pylz4wnSavmK.exe, 00000001.00000003.1717792025.0000023D1E2BA000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1780351948.0000023D1E2B0000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1717230741.0000023D1E3D5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://tools.ietf.org/html/rfc7231#section-4.3.6)lz4wnSavmK.exe, 00000001.00000003.1722821384.0000023D1DF3D000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1779999453.0000023D1DE80000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1718708610.0000023D1DF3D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://cryptography.io/lz4wnSavmK.exe, 00000000.00000003.1689106912.000001A0783B6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://discord.gg/lz4wnSavmK.exe, 00000001.00000002.1781213245.0000023D1EBF0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  http://ip-api.com/jsonlz4wnSavmK.exe, 00000001.00000002.1781213245.0000023D1EBF0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://www.attrs.org/en/latest/glossary.html#term-dunder-methods)).lz4wnSavmK.exe, 00000000.00000003.1687743014.000001A0783B6000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drfalse
                                                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                                                    unknown
                                                                                                                                                                    https://127.0.0.1:8443lz4wnSavmK.exe, 00000001.00000002.1781474952.0000023D1F0F0000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1781407808.0000023D1EF60000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      http://www.firmaprofesional.com/cps0lz4wnSavmK.exe, 00000001.00000002.1781474952.0000023D1F0F0000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1779999453.0000023D1DE80000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                                                      unknown
                                                                                                                                                                      https://docs.python.org/3/library/importlib.html#importlib.abc.PathEntryFinder.find_speclz4wnSavmK.exe, 00000001.00000003.1707217368.0000023D1DC46000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1707155735.0000023D1DC4E000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1779614953.0000023D1D96C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
https://github.com/urllib3/urllib3/issues/2920 | lz4wnSavmK.exe, 00000001.00000002.1781277030.0000023D1ECF0000.00000004.00001000.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1723458510.0000023D1E685000.00000004.00000020.00020000.00000000.sdmp | false | high
http://crl.securetrust.com/SGCA.crl0 | lz4wnSavmK.exe, 00000001.00000002.1780504019.0000023D1E56F000.00000004.00000020.00020000.00000000.sdmp | false | high
https://docs.python.org/3/library/importlib.html#importlib.abc.ResourceLoader.get_data | lz4wnSavmK.exe, 00000001.00000003.1708416694.0000023D1C05F000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1707217368.0000023D1DC46000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1707155735.0000023D1DC4E000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1708780612.0000023D1C05F000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1710995990.0000023D1C05F000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000003.1709094694.0000023D1C05F000.00000004.00000020.00020000.00000000.sdmp, lz4wnSavmK.exe, 00000001.00000002.1779502514.0000023D1C05F000.00000004.00000020.00020000.00000000.sdmp | false | high
https://friends.roblox.com/v1/users/ | lz4wnSavmK.exe, 00000001.00000002.1781213245.0000023D1EBF0000.00000004.00001000.00020000.00000000.sdmp | false | high
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
163.5.242.208 | unknown | France | | 56339 | EPITECHFR | false
                                                                                                                                                                                IP
                                                                                                                                                                                127.0.0.1
                                                                                                                                                                                Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                Analysis ID:1570262
                                                                                                                                                                                Start date and time:2024-12-06 17:47:03 +01:00
                                                                                                                                                                                Joe Sandbox product:CloudBasic
                                                                                                                                                                                Overall analysis duration:0h 6m 29s
                                                                                                                                                                                Hypervisor based Inspection enabled:false
                                                                                                                                                                                Report type:full
                                                                                                                                                                                Cookbook file name:default.jbs
                                                                                                                                                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                Number of analysed new started processes analysed:2
                                                                                                                                                                                Number of new started drivers analysed:0
                                                                                                                                                                                Number of existing processes analysed:0
                                                                                                                                                                                Number of existing drivers analysed:0
                                                                                                                                                                                Number of injected processes analysed:0
                                                                                                                                                                                Technologies:
                                                                                                                                                                                • HCA enabled
                                                                                                                                                                                • EGA enabled
                                                                                                                                                                                • AMSI enabled
                                                                                                                                                                                Analysis Mode:default
                                                                                                                                                                                Analysis stop reason:Timeout
                                                                                                                                                                                Sample name:lz4wnSavmK.exe
                                                                                                                                                                                renamed because original name is a hash value
                                                                                                                                                                                Original Sample Name:751a7a40b57d187a0b51d92c550e1309.exe
                                                                                                                                                                                Detection:MAL
                                                                                                                                                                                Classification:mal52.troj.winEXE@3/109@0/2
                                                                                                                                                                                EGA Information:
                                                                                                                                                                                • Successful, ratio: 100%
                                                                                                                                                                                HCA Information:Failed
                                                                                                                                                                                Cookbook Comments:
                                                                                                                                                                                • Found application associated with file extension: .exe
                                                                                                                                                                                • Stop behavior analysis, all processes terminated
                                                                                                                                                                                • Excluded IPs from analysis (whitelisted): 20.12.23.50
                                                                                                                                                                                • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, sls.update.microsoft.com, glb.sls.prod.dcat.dsp.trafficmanager.net
                                                                                                                                                                                • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
                                                                                                                                                                                • VT rate limit hit for: lz4wnSavmK.exe
                                                                                                                                                                                No simulations
Match | Associated Sample Name / URL | Detection | Threat Name | Context
163.5.242.208 | dipwo1iToJ.exe | malicious | Python Stealer | 163.5.242.208/7236785358_chat.txt
                                                                                                                                                                                No context
Match | Associated Sample Name / URL | Detection | Threat Name | Context
EPITECHFR | dipwo1iToJ.exe | malicious | Python Stealer | 163.5.242.208
 | 105vjMVwfJ.dll | malicious | CobaltStrike | 163.5.169.26
 | 7RDTQuL8WF.exe | malicious | CobaltStrike | 163.5.169.26
 | botx.spc.elf | malicious | Mirai | 163.5.176.64
 | spc.elf | malicious | Mirai | 163.5.130.180
 | m68k.elf | malicious | Mirai | 163.5.176.71
 | sora.sh4.elf | malicious | Mirai | 163.5.152.99
 | SecuriteInfo.com.Win32.MalwareX-gen.20028.17631.exe | malicious | AsyncRAT | 163.5.160.86
 | jNA5BK2z12.exe | malicious | AsyncRAT | 163.5.160.86
 | la.bot.m68k.elf | malicious | Unknown | 163.5.63.254
                                                                                                                                                                                No context
Match | Associated Sample Name / URL | Detection | Threat Name | Context
C:\Users\user\AppData\Local\Temp\_MEI72522\Crypto\Cipher\_ARC4.pyd | dipwo1iToJ.exe | malicious | Python Stealer |
 | ROh2ijuEpr.exe | malicious | Babuk, Conti |
 | zed.exe | malicious | Unknown |
 | back.ps1 | malicious | Unknown |
 | zed.exe | malicious | Unknown |
 | file.exe | malicious | Python Stealer, Amadey, LummaC Stealer, Nymaim, Stealc |
 | file.exe | malicious | Unknown |
 | file.exe | malicious | Amadey, Cryptbot |
 | file.exe | malicious | Amadey, XWorm |
 | file.exe | malicious | Unknown |
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):11264
                                                                                                                                                                                                    Entropy (8bit):4.640339306680604
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:dLklddyTHThob0q/tJRrlDfNYSOcqgYCWt:ZgcdZq/JJD6gRWt
                                                                                                                                                                                                    MD5:BCD8CAAF9342AB891BB1D8DD45EF0098
                                                                                                                                                                                                    SHA1:EE7760BA0FF2548F25D764F000EFBB1332BE6D3E
                                                                                                                                                                                                    SHA-256:78725D2F55B7400A3FCAFECD35AF7AEB253FBC0FFCDF1903016EB0AABD1B4E50
                                                                                                                                                                                                    SHA-512:8B6FB53AECB514769985EBFDAB1B3C739024597D9C35905E04971D5422256546F7F169BF98F9BAF7D9F42A61CFF3EE7A20664989D3000773BF5EDA10CB3A0C24
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Joe Sandbox View:
                                                                                                                                                                                                    • Filename: dipwo1iToJ.exe, Detection: malicious, Browse
                                                                                                                                                                                                    • Filename: ROh2ijuEpr.exe, Detection: malicious, Browse
                                                                                                                                                                                                    • Filename: zed.exe, Detection: malicious, Browse
                                                                                                                                                                                                    • Filename: back.ps1, Detection: malicious, Browse
                                                                                                                                                                                                    • Filename: zed.exe, Detection: malicious, Browse
                                                                                                                                                                                                    • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                    • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                    • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                    • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                    • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                    Reputation:moderate, very likely benign file
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):13824
                                                                                                                                                                                                    Entropy (8bit):5.0194545642425075
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:4t/1nCuqaL0kt7AznuRmceS4lDFhAlcqgcLg:F/k1ACln4lDogcLg
                                                                                                                                                                                                    MD5:F19CB847E567A31FAB97435536C7B783
                                                                                                                                                                                                    SHA1:4C8BFE404AF28C1781740E7767619A5E2D2FF2B7
                                                                                                                                                                                                    SHA-256:1ECE1DC94471D6977DBE2CEEBA3764ADF0625E2203D6257F7C781C619D2A3DAD
                                                                                                                                                                                                    SHA-512:382DC205F703FC3E1F072F17F58E321E1A65B86BE7D9D6B07F24A02A156308A7FEC9B1A621BA1F3428FD6BB413D14AE9ECB2A2C8DD62A7659776CFFDEBB6374C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Reputation:moderate, very likely benign file
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):13312
                                                                                                                                                                                                    Entropy (8bit):5.037456384995606
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:st/1nCuqaL0ktPMn1ENe3erKr5br0YbsiDw6a9lkOcqgRGd:p/kpMIodrXbsiDS95gRGd
                                                                                                                                                                                                    MD5:DC14677EA8A8C933CC41F9CCF2BEDDC1
                                                                                                                                                                                                    SHA1:A6FB87E8F3540743097A467ABE0723247FDAF469
                                                                                                                                                                                                    SHA-256:68F081E96AE08617CF111B21EDED35C1774A5EF1223DF9A161C9445A78F25C73
                                                                                                                                                                                                    SHA-512:3ABA4CFCBBE4B350AB3230D488BD75186427E3AAAF38D19E0E1C7330F16795AD77FB6E26FF39AF29EAF4F5E8C42118CB680F90AFBFCA218AEDA64DC444675BA2
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Reputation:moderate, very likely benign file
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):14336
                                                                                                                                                                                                    Entropy (8bit):5.09191874780435
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:rMVsiXeqVb0lIb0Pj5Jdfpm68WZDInU282tacqgYLg:rM7ali0Pj5JxCaDuUlgYLg
                                                                                                                                                                                                    MD5:C09BB8A30F0F733C81C5C5A3DAD8D76D
                                                                                                                                                                                                    SHA1:46FD3BA87A32D12F4EE14601D1AD73B78EDC81D1
                                                                                                                                                                                                    SHA-256:8A1B751DB47CE7B1D3BD10BEBFFC7442BE4CFB398E96E3B1FF7FB83C88A8953D
                                                                                                                                                                                                    SHA-512:691AC74FAE930E9CEABE782567EFB99C50DD9B8AD607DD7F99A5C7DF2FA2BEB7EDFE2EBB7095A72DA0AE24E688FBABD340EAE8B646D5B8C394FEE8DDD5E60D31
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Reputation:moderate, very likely benign file
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):36352
                                                                                                                                                                                                    Entropy (8bit):6.541423493519083
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:f/UlZA5PUEllvxL/7v/iKBt5ByU0xGitqzSEkxGG7+tpKHb/LZ7fr52EkifcMxme:klcR7JriEbwDaS4j990th9VDBV
                                                                                                                                                                                                    MD5:0AB25F99CDAACA6B11F2ECBE8223CAD5
                                                                                                                                                                                                    SHA1:7A881B3F84EF39D97A31283DE6D7B7AE85C8BAE6
                                                                                                                                                                                                    SHA-256:6CE8A60D1AB5ADC186E23E3DE864D7ADF6BDD37E3B0C591FA910763C5C26AF60
                                                                                                                                                                                                    SHA-512:11E89EEF34398DF3B144A0303E08B3A4CAF41A9A8CA618C18135F561731F285F8CF821D81179C2C45F6EEB0E496D9DD3ECF6FF202A3C453C80AFEF8582D06C17
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):15360
                                                                                                                                                                                                    Entropy (8bit):5.367749645917753
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:YiJBj5fq/Rk0kPLhOZ3UucCWuSKPEkA2bD9JXx03cqg5YUMLgs:/k1kTMZEjCWNaA2DTx0g5YUMLg
                                                                                                                                                                                                    MD5:B6EA675C3A35CD6400A7ECF2FB9530D1
                                                                                                                                                                                                    SHA1:0E41751AA48108D7924B0A70A86031DDE799D7D6
                                                                                                                                                                                                    SHA-256:76EF4C1759B5553550AB652B84F8E158BA8F34F29FD090393815F06A1C1DC59D
                                                                                                                                                                                                    SHA-512:E31FD33E1ED6D4DA3957320250282CFD9EB3A64F12DE4BD2DFE3410F66725164D96B27CAA34C501D1A535A5A2442D5F070650FD3014B4B92624EE00F1C3F3197
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16384
                                                                                                                                                                                                    Entropy (8bit):5.41148259289073
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:w3d9FkHaz0EJvrj+CYuz7ucc9dG7otDr22KcqgOiewZjW:YkHEJzj+X6769lDzagO/w
                                                                                                                                                                                                    MD5:F14E1AA2590D621BE8C10321B2C43132
                                                                                                                                                                                                    SHA1:FD84D11619DFFDF82C563E45B48F82099D9E3130
                                                                                                                                                                                                    SHA-256:FCE70B3DAFB39C6A4DB85D2D662CB9EB9C4861AA648AD7436E7F65663345D177
                                                                                                                                                                                                    SHA-512:A86B9DF163007277D26F2F732ECAB9DBCA8E860F8B5809784F46702D4CEA198824FDEF6AB98BA7DDC281E8791C10EABA002ABDA6F975323B36D5967E0443C1E4
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):20992
                                                                                                                                                                                                    Entropy (8bit):6.041302713678401
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:kUX0JfbRz5MLZA0nmwzMDYpJgLa0Mp8NDBcxgprAM:6NbRzWXwDqgLa1uBfP
                                                                                                                                                                                                    MD5:B127CAE435AEB8A2A37D2A1BC1C27282
                                                                                                                                                                                                    SHA1:2A7BF8BF7F24B2381370BA6B41FB640EE42BDCCD
                                                                                                                                                                                                    SHA-256:538B1253B5929254ED92129FA0957DB26CDDF34A8372BA0BF19D20D01549ADA3
                                                                                                                                                                                                    SHA-512:4FE027E46D5132CA63973C67BD5394F2AC74DD4BBCFE93CB16136FAB4B6BF67BECB5A0D4CA359FF9426DA63CA81F793BBF1B79C8A9D8372C53DCB5796D17367E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):24576
                                                                                                                                                                                                    Entropy (8bit):6.530656045206549
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:cEDwUBi9SPu71omZXmrfXA+UA10ol31tuXVYdAgYj:FsUBXmoEXmrXA+NNxWFYfo
                                                                                                                                                                                                    MD5:2E15AA6F97ED618A3236CFA920988142
                                                                                                                                                                                                    SHA1:A9D556D54519D3E91FA19A936ED291A33C0D1141
                                                                                                                                                                                                    SHA-256:516C5EA47A7B9A166F2226ECBA79075F1A35EFFF14D87E00006B34496173BB78
                                                                                                                                                                                                    SHA-512:A6C75C4A285753CC94E45500E8DD6B6C7574FB7F610FF65667F1BEC8D8B413FC10514B7D62F196C2B8D017C308C5E19E2AEF918021FA81D0CB3D8CED37D8549A
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):12288
                                                                                                                                                                                                    Entropy (8bit):4.7080156150187396
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:lF/1n7Guqaj0ktfEJwX1fYwCODR3lncqg0Gd6l:RGXkJEm1feODxDg0Gd6
                                                                                                                                                                                                    MD5:40390F2113DC2A9D6CFAE7127F6BA329
                                                                                                                                                                                                    SHA1:9C886C33A20B3F76B37AA9B10A6954F3C8981772
                                                                                                                                                                                                    SHA-256:6BA9C910F755885E4D356C798A4DD32D2803EA4CFABB3D56165B3017D0491AE2
                                                                                                                                                                                                    SHA-512:617B963816838D649C212C5021D7D0C58839A85D4D33BBAF72C0EC6ECD98B609080E9E57AF06FA558FF302660619BE57CC974282826AB9F21AE0D80FBAA831A1
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):12800
                                                                                                                                                                                                    Entropy (8bit):5.159963979391524
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:kblRgfeqfz0RP767fB4A84DgVD6eDcqgzbkLgmf:BwRj67p84Dg6eVgzbkLgmf
                                                                                                                                                                                                    MD5:899895C0ED6830C4C9A3328CC7DF95B6
                                                                                                                                                                                                    SHA1:C02F14EBDA8B631195068266BA20E03210ABEABC
                                                                                                                                                                                                    SHA-256:18D568C7BE3E04F4E6026D12B09B1FA3FAE50FF29AC3DEAF861F3C181653E691
                                                                                                                                                                                                    SHA-512:0B4C50E40AF92BC9589668E13DF417244274F46F5A66E1FC7D1D59BC281969BA319305BECEA119385F01CC4603439E4B37AFA2CF90645425210848A02839E3E7
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):14848
                                                                                                                                                                                                    Entropy (8bit):5.270418334522813
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:vktJ1gifqQGRk0IP73AdXdmEEEEEm9uhiFEQayDZVMcqgnF6+6Lg:vkdU1ID3AdXd49urQPDggnUjLg
                                                                                                                                                                                                    MD5:C4C525B081F8A0927091178F5F2EE103
                                                                                                                                                                                                    SHA1:A1F17B5EA430ADE174D02ECC0B3CB79DBF619900
                                                                                                                                                                                                    SHA-256:4D86A90B2E20CDE099D6122C49A72BAE081F60EB2EEA0F76E740BE6C41DA6749
                                                                                                                                                                                                    SHA-512:7C06E3E6261427BC6E654B2B53518C7EAA5F860A47AE8E80DC3F8F0FED91E122CB2D4632188DC44123FB759749B5425F426CD1153A8F84485EF0491002B26555
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):56832
                                                                                                                                                                                                    Entropy (8bit):4.231032526864278
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:0qcmHBeNL1dO/qHkpnYcZiGKdZHDLY84vnKAnK2rZA21agVF:fEiqHHx4vZDV
                                                                                                                                                                                                    MD5:F9E266F763175B8F6FD4154275F8E2F0
                                                                                                                                                                                                    SHA1:8BE457700D58356BC2FA7390940611709A0E5473
                                                                                                                                                                                                    SHA-256:14D2799BE604CBDC668FDE8834A896EEE69DAE0E0D43B37289FCCBA35CEF29EC
                                                                                                                                                                                                    SHA-512:EB3E37A3C3FF8A65DEF6FA20941C8672A8197A41977E35AE2DC6551B5587B84C2703758320559F2C93C0531AD5C9D0F6C36EC5037669DC5CE78EB3367D89877B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):57344
                                                                                                                                                                                                    Entropy (8bit):4.252429732285762
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:J4cmHBeIzNweVy/CHkRnYcZiGKdZHDLq80vnKAnKBrZGsURygUX:GEO6CHnX0vZb7
                                                                                                                                                                                                    MD5:DECF524B2D53FCD7D4FA726F00B3E5FC
                                                                                                                                                                                                    SHA1:E87C6ED4004F2772B888C5B5758AA75FE99D2F6F
                                                                                                                                                                                                    SHA-256:58F7053EE70467D3384C73F299C0DFD63EEF9744D61D1980D9D2518974CA92D4
                                                                                                                                                                                                    SHA-512:EAFF4FD80843743E61CE635FBADF4E5D9CF2C3E97F3C48350BD9E755F4423AC6867F9FE8746BD5C54E1402B18E8A55AEEF7ACA098C7CF4186DC4C1235EB35DF2
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):10240
                                                                                                                                                                                                    Entropy (8bit):4.690163963718492
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:Yddz2KTnThIz0qfteRY4zp+D3PLui8p1cqgHCWt:k2E9RqfCXp+D3juRpLgiWt
                                                                                                                                                                                                    MD5:80BB1E0E06ACAF03A0B1D4EF30D14BE7
                                                                                                                                                                                                    SHA1:B20CAC0D2F3CD803D98A2E8A25FBF65884B0B619
                                                                                                                                                                                                    SHA-256:5D1C2C60C4E571B88F27D4AE7D22494BED57D5EC91939E5716AFA3EA7F6871F6
                                                                                                                                                                                                    SHA-512:2A13AB6715B818AD62267AB51E55CD54714AEBF21EC9EA61C2AEFD56017DC84A6B360D024F8682A2E105582B9C5FE892ECEBD2BEF8A492279B19FFD84BC83FA5
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):22016
                                                                                                                                                                                                    Entropy (8bit):6.1215844022564285
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:nUX0JfbRwUtPMbNv37t6K5jwbDEpJgLa0Mp8xCkgJrAm:jNbRw8EbxwKBwbD+gLa1nh
                                                                                                                                                                                                    MD5:3727271FE04ECB6D5E49E936095E95BC
                                                                                                                                                                                                    SHA1:46182698689A849A8C210A8BF571D5F574C6F5B1
                                                                                                                                                                                                    SHA-256:3AF5B35DCD5A3B6C7E88CEE53F355AAFFF40F2C21DABD4DE27DBB57D1A29B63B
                                                                                                                                                                                                    SHA-512:5BED1F4DF678FE90B8E3F1B7C4F68198463E579209B079CB4A40DCAC01CE26AA2417DBE029B196F6F2C6AFAD560E2D1AF9F089ABE37EAD121CA10EE69D9659ED
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):17920
                                                                                                                                                                                                    Entropy (8bit):5.293810509074883
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:4PHoDUntQjNB+/yw/pogeXOvXoTezczOo3p9iJgDQ3iNgnVbwhA:dUOhBcDRogeXOfoTezcio3pUJgDQ3i+
                                                                                                                                                                                                    MD5:78AEF441C9152A17DD4DC40C7CC9DF69
                                                                                                                                                                                                    SHA1:6BB6F8426AFA6522E647DFC82B1B64FAF3A9781F
                                                                                                                                                                                                    SHA-256:56E4E4B156295F1AAA22ECB5481841DE2A9EB84845A16E12A7C18C7C3B05B707
                                                                                                                                                                                                    SHA-512:27B27E77BE81B29D42359FE28531225383860BCD19A79044090C4EA58D9F98009A254BF63585979C60B3134D47B8233941ABB354A291F23C8641A4961FA33107
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):11776
                                                                                                                                                                                                    Entropy (8bit):4.862619033406922
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:0Ga+F/1NtJ9t4udqaj01rlALnNNJSS2sP+YEdMN+F9FdKaWDULk+VOmWbucX6gR7:PF/1n7Guqaj0ktfEON+bMDUlJcqg0Gd
                                                                                                                                                                                                    MD5:19E0ABF76B274C12FF624A16713F4999
                                                                                                                                                                                                    SHA1:A4B370F556B925F7126BF87F70263D1705C3A0DB
                                                                                                                                                                                                    SHA-256:D9FDA05AE16C5387AB46DC728C6EDCE6A3D0A9E1ABDD7ACB8B32FC2A17BE6F13
                                                                                                                                                                                                    SHA-512:D03033EA5CF37641FBD802EBEB5019CAEF33C9A78E01519FEA88F87E773DCA92C80B74BA80429B530694DAD0BFA3F043A7104234C7C961E18D48019D90277C8E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):14336
                                                                                                                                                                                                    Entropy (8bit):5.227045547076371
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:saF/1n7Guqaj0ktrE8o2o+V2rQnjt1wmg9jtveDn4clG6VcqgOvgdd:swGXkFE8Zo+AojO9jZeDf5rgOvgz
                                                                                                                                                                                                    MD5:309D6F6B0DD022EBD9214F445CAC7BB9
                                                                                                                                                                                                    SHA1:ABD22690B7AD77782CFC0D2393D0C038E16070B0
                                                                                                                                                                                                    SHA-256:4FBE188C20FB578D4B66349D50AA6FFE4AB86844FB6427C57738F36780D1E2E2
                                                                                                                                                                                                    SHA-512:D1951FE92F83E7774E8E877815BED6E6216D56EF18B7F1C369D678CB6E1814243659E9FA7ABC0D22FB5B34A9D50A51D5A89BA00AE1FDD32157FD0FF9902FB4B7
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):13824
                                                                                                                                                                                                    Entropy (8bit):5.176369829782773
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:rF/1n7Guqaj0ktrESsrUW+SBjsK5tcQmEreD2mf1AoxkVcqgOvgXQ:rGXkFE/UW575tA2eDp1Ao2rgOvgX
                                                                                                                                                                                                    MD5:D54FEB9A270B212B0CCB1937C660678A
                                                                                                                                                                                                    SHA1:224259E5B684C7AC8D79464E51503D302390C5C9
                                                                                                                                                                                                    SHA-256:032B83F1003A796465255D9B246050A196488BAC1260F628913E536314AFDED4
                                                                                                                                                                                                    SHA-512:29955A6569CA6D039B35BB40C56AEEB75FC765600525D0B469F72C97945970A428951BAB4AF9CD21B3161D5BBA932F853778E2674CA83B14F7ABA009FA53566F
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):14336
                                                                                                                                                                                                    Entropy (8bit):5.047563322651927
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:6alCvH32p3/2pnEhKnLg9yH8puzoFaPERIQAvHD9CIg5kP:5CvHmp3OpnEhmLg9yH8puzoFaPERIQgI
                                                                                                                                                                                                    MD5:52DCD4151A9177CF685BE4DF48EA9606
                                                                                                                                                                                                    SHA1:F444A4A5CBAE9422B408420115F0D3FF973C9705
                                                                                                                                                                                                    SHA-256:D54375DC0652358A6E4E744F1A0EAEEAD87ACCD391A20D6FF324FE14E988A122
                                                                                                                                                                                                    SHA-512:64C54B89F2637759309ECC6655831C3A6755924ED70CBC51614061542EB9BA9A8AECF6951EB3AB92447247DC4D7D846C88F4957DBBE4484A9AB934343EE27178
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):13824
                                                                                                                                                                                                    Entropy (8bit):5.09893680790018
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:xsiXeqVb0lwbH4P01sAD7I/9hAkwDWzBEbcqgqLg:valqH4M1sAD7KvpwDFtgqLg
                                                                                                                                                                                                    MD5:F929B1A3997427191E07CF52AC883054
                                                                                                                                                                                                    SHA1:C5EA5B68586C2FB09E5FDD20D4DD616D06F5CBA6
                                                                                                                                                                                                    SHA-256:5386908173074FABD95BF269A9DF0A4E1B21C0576923186F449ABF4A820F6A8E
                                                                                                                                                                                                    SHA-512:2C79DBCE2C21214D979AB86DD989D41A3AFA7FCB7F3B79BA9974E2EE8F832DD7CA20C1C87C0C380DB037D776FE6D0851D60AD55A08AFDE0003B7E59214DD2F3B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):15360
                                                                                                                                                                                                    Entropy (8bit):5.451865349855574
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:KfwogDHER1wuiDSyoGTgDZOviNgEPrLg:ugDHELwuiDScTgDwi+EP
                                                                                                                                                                                                    MD5:1FA5E257A85D16E916E9C22984412871
                                                                                                                                                                                                    SHA1:1AC8EE98AD0A715A1B40AD25D2E8007CDC19871F
                                                                                                                                                                                                    SHA-256:D87A9B7CAD4C451D916B399B19298DC46AAACC085833C0793092641C00334B8E
                                                                                                                                                                                                    SHA-512:E4205355B647C6E28B7E4722328F51DC2EB3A109E9D9B90F7C53D7A80A5A4B10E40ABDDAB1BA151E73EF3EB56941F843535663F42DCE264830E6E17BB659EADF
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):13824
                                                                                                                                                                                                    Entropy (8bit):5.104245335186531
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:3F/1n7Guqaj0kt7/Ev9kt0Qwac6QzD8iD0QocqgI4G0S:nGXkd/EvGt9wacNDvAgI4v
                                                                                                                                                                                                    MD5:FAD578A026F280C1AE6F787B1FA30129
                                                                                                                                                                                                    SHA1:9A3E93818A104314E172A304C3D117B6A66BEB55
                                                                                                                                                                                                    SHA-256:74A1FF0801F4704158684267CD8E123F83FB6334FE522C1890AC4A0926F80AB1
                                                                                                                                                                                                    SHA-512:ACF8F5B382F3B4C07386505BBDCAF625D13BCC10AA93ED641833E3548261B0AD1063E2F59BE2FCD2AFAF3D315CB3FC5EB629CEFC168B33CFD65A3A6F1120F7FF
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):17920
                                                                                                                                                                                                    Entropy (8bit):5.671305741258107
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:APHoDUntQj0sKhDOJ+0QPSfu6rofDjiZzgE+kbwb:VUOYsKNO466DjoUE+
                                                                                                                                                                                                    MD5:556E6D0E5F8E4DA74C2780481105D543
                                                                                                                                                                                                    SHA1:7A49CDEF738E9FE9CD6CD62B0F74EAD1A1774A33
                                                                                                                                                                                                    SHA-256:247B0885CF83375211861F37B6DD1376AED5131D621EE0137A60FE7910E40F8B
                                                                                                                                                                                                    SHA-512:28FA0CE6BDBCC5E95B80AADC284C12658EF0C2BE63421AF5627776A55050EE0EA0345E30A15B744FC2B2F5B1B1BBB61E4881F27F6E3E863EBAAEED1073F4CDA1
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):21504
                                                                                                                                                                                                    Entropy (8bit):5.878701941774916
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:EJWo4IRCGHX1KXqHGcvYHp5RYcARQOj4MSTjqgPmJD1OhgkxEv:EcIRnHX1P/YtswvaD1Rk
                                                                                                                                                                                                    MD5:2F2655A7BBFE08D43013EDDA27E77904
                                                                                                                                                                                                    SHA1:33D51B6C423E094BE3E34E5621E175329A0C0914
                                                                                                                                                                                                    SHA-256:C734ABBD95EC120CB315C43021C0E1EB1BF2295AF9F1C24587334C3FCE4A5BE1
                                                                                                                                                                                                    SHA-512:8AF99ACC969B0E560022F75A0CDCAA85D0BDEADADEACD59DD0C4500F94A5843EA0D4107789C1A613181B1F4E5252134A485EF6B1D9D83CDB5676C5FEE4D49B90
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):21504
                                                                                                                                                                                                    Entropy (8bit):5.881781476285865
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:EJWo4IRCGHXfKXqHGcvYHp5RYcARQOj4MSTjqgPmJD12gkxEv:EcIRnHXfP/YtswvaD1zk
                                                                                                                                                                                                    MD5:CDE035B8AB3D046B1CE37EEE7EE91FA0
                                                                                                                                                                                                    SHA1:4298B62ED67C8D4F731D1B33E68D7DC9A58487FF
                                                                                                                                                                                                    SHA-256:16BEA322D994A553B293A724B57293D57DA62BC7EAF41F287956B306C13FD972
                                                                                                                                                                                                    SHA-512:C44FDEE5A210459CE4557351E56B2D357FD4937F8EC8EACEAB842FEE29761F66C2262FCBAAC837F39C859C67FA0E23D13E0F60B3AE59BE29EB9D8ABAB0A572BB
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):26624
                                                                                                                                                                                                    Entropy (8bit):5.837887867708438
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:768:e839Cc4itui0gel9soFdkO66MlPGXmXcyYDTzks:Ns4u/FZ6nPxMLDvk
                                                                                                                                                                                                    MD5:999D431197D7E06A30E0810F1F910B9A
                                                                                                                                                                                                    SHA1:9BFF781221BCFFD8E55485A08627EC2A37363C96
                                                                                                                                                                                                    SHA-256:AB242B9C9FB662C6F7CB57F7648F33983D6FA3BB0683C5D4329EC2CC51E8C875
                                                                                                                                                                                                    SHA-512:A5DD92DD471ADB44EEFE5919EF9CA3978724E21174DF5B3A9C1F0AB462F928E5A46A460D02417DB7522F5DE3BFEED5EEE6B1EAFAF3E621722E85E72675F7096F
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):26624
                                                                                                                                                                                                    Entropy (8bit):5.895310340516013
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:768:lcX9Nf4ttui0gel9soFdkO66MlPGXmXc/vDTOvk:a38u/FZ6nPxM3DAk
                                                                                                                                                                                                    MD5:0931ABBF3AED459B1A2138B551B1D3BB
                                                                                                                                                                                                    SHA1:9EC0296DDAF574A89766A2EC035FC30073863AB0
                                                                                                                                                                                                    SHA-256:1729A0DC6B80CB7A3C07372B98B10D3C6C613EA645240878E1FDE6A992FA06F1
                                                                                                                                                                                                    SHA-512:9F970BB4D10B94F525DDDDE307C7DA5E672BBFB3A3866A34B89B56ADA99476724FD690A4396857182749294F67F36DB471A048789FB715D2A7DAF46917FC1947
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):12800
                                                                                                                                                                                                    Entropy (8bit):4.967737129255606
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:dMpWt/1nCuqaL0kt7TsEx2fiTgDZqGF0T7cqgkLgJ:k/k1Ts64DDJyBgkLg
                                                                                                                                                                                                    MD5:5F057A380BACBA4EF59C0611549C0E02
                                                                                                                                                                                                    SHA1:4B758D18372D71F0AA38075F073722A55B897F71
                                                                                                                                                                                                    SHA-256:BCB14DAC6C87C24269D3E60C46B49EFFB1360F714C353318F5BBAA48C79EC290
                                                                                                                                                                                                    SHA-512:E1C99E224745B86EE55822C1DBCB4555A11EC31B72D87B46514917EB61E0258A1C6D38C4F592969C17EB4F0F74DA04BCECA31CF1622720E95F0F20E9631792E8
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):13312
                                                                                                                                                                                                    Entropy (8bit):5.007867576025166
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:bMt/1nCuqaL0ktPH0T7fwtF4zDn2rGacqgRGd:1/kpU3Yv4zDXqgRGd
                                                                                                                                                                                                    MD5:49BCA1B7DF076D1A550EE1B7ED3BD997
                                                                                                                                                                                                    SHA1:47609C7102F5B1BCA16C6BAD4AE22CE0B8AEE9E9
                                                                                                                                                                                                    SHA-256:49E15461DCB76690139E71E9359F7FCF92269DCCA78E3BFE9ACB90C6271080B2
                                                                                                                                                                                                    SHA-512:8574D7FA133B72A4A8D1D7D9FDB61053BC88C2D238B7AC7D519BE19972B658C44EA1DE433885E3206927C75DD5D1028F74999E048AB73189585B87630F865466
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):15872
                                                                                                                                                                                                    Entropy (8bit):5.226023387740053
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:rfRKTN+HLjRskTdf4WazSTkwjEvuY2bylHDiYIgovg:mcHfRl5pauoSjy5DiE
                                                                                                                                                                                                    MD5:CB5CFDD4241060E99118DEEC6C931CCC
                                                                                                                                                                                                    SHA1:1E7FED96CF26C9F4730A4621CA9D18CECE3E0BCE
                                                                                                                                                                                                    SHA-256:A8F809B6A417AF99B75EEEEA3ECD16BDA153CBDA4FFAB6E35CE1E8C884D899C4
                                                                                                                                                                                                    SHA-512:8A89E3563C14B81353D251F9F019D8CBF07CB98F78452B8522413C7478A0D77B9ABF2134E4438145D6363CDA39721D2BAE8AD13D1CDACCBB5026619D95F931CF
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):14848
                                                                                                                                                                                                    Entropy (8bit):5.262055670423592
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:C/ZN2eq/b04PAHH41F6fnVS0sVn+5CA5Z1cD66WGcqgFjLg:vI4IHHaQfSVnCZyDImgFjLg
                                                                                                                                                                                                    MD5:18D2D96980802189B23893820714DA90
                                                                                                                                                                                                    SHA1:5DEE494D25EB79038CBC2803163E2EF69E68274C
                                                                                                                                                                                                    SHA-256:C2FD98C677436260ACB9147766258CB99780A007114AED37C87893DF1CF1A717
                                                                                                                                                                                                    SHA-512:0317B65D8F292332C5457A6B15A77548BE5B2705F34BB8F4415046E3E778580ABD17B233E6CC2755C991247E0E65B27B5634465646715657B246483817CACEB7
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):36352
                                                                                                                                                                                                    Entropy (8bit):5.913843738203007
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:dspbXtHQY4ubrttQza9CHnZXQsnecAlOF0qZLAXxQI3Sya6XPpMg3Yx8MnDcCPSq:7Y44UagH6cAFCLUSYpMg3YDzPo5kG9G
                                                                                                                                                                                                    MD5:EF472BA63FD22922CA704B1E7B95A29E
                                                                                                                                                                                                    SHA1:700B68E7EF95514D5E94D3C6B10884E1E187ACD8
                                                                                                                                                                                                    SHA-256:66EEF4E6E0CEEEF2C23A758BFBEDAE7C16282FC93D0A56ACAFC40E871AC3F01C
                                                                                                                                                                                                    SHA-512:DC2060531C4153C43ABF30843BCB5F8FA082345CA1BB57F9AC8695EDDB28FF9FDA8132B6B6C67260F779D95FCADCAE2811091BCA300AB1E041FAE6CC7B50ABD8
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):12288
                                                                                                                                                                                                    Entropy (8bit):4.735350805948923
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:rhsC3eqv6b0q3OQ3rHu5bc64OhD2I/p3cqgONLg:r/Hq3jHuY64OhDJJgONLg
                                                                                                                                                                                                    MD5:3B1CE70B0193B02C437678F13A335932
                                                                                                                                                                                                    SHA1:063BFD5A32441ED883409AAD17285CE405977D1F
                                                                                                                                                                                                    SHA-256:EB2950B6A2185E87C5318B55132DFE5774A5A579259AB50A7935A7FB143EA7B1
                                                                                                                                                                                                    SHA-512:0E02187F17DFCFD323F2F0E62FBFE35F326DCF9F119FC8B15066AFAEEE4EB7078184BC85D571B555E9E67A2DD909EC12D8A67E3D075E9B1283813EF274E05C0D
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):22528
                                                                                                                                                                                                    Entropy (8bit):5.705606408072877
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:19BcRxBmau38CYIl9bhgIW0mvufueNr359/tjGGDEFSegqrA:NcRy38J+9dmvufFtaGDV
                                                                                                                                                                                                    MD5:FF33C306434DEC51D39C7BF1663E25DA
                                                                                                                                                                                                    SHA1:665FCF47501F1481534597C1EAC2A52886EF0526
                                                                                                                                                                                                    SHA-256:D0E3B6A2D0E073B2D9F0FCDB051727007943A17A4CA966D75EBA37BECDBA6152
                                                                                                                                                                                                    SHA-512:66A909DC9C3B7BD4050AA507CD89B0B3A661C85D33C881522EC9568744953B698722C1CBFF093F9CBCD6119BD527FECAB05A67F2E32EC479BE47AFFA4377362C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):70656
                                                                                                                                                                                                    Entropy (8bit):6.0189903352673655
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:1536:Jfju4GgRMgWWnEDZiECgd/iwOXUQdbhov0Clb8Cx4hpK8ithLFIDullRPwDHxXOa:pXRMgWiEDZiECgd/iwOXUQdbhov0ClbU
                                                                                                                                                                                                    MD5:F267BF4256F4105DAD0D3E59023011ED
                                                                                                                                                                                                    SHA1:9BC6CA0F375CE49D5787C909D290C07302F58DA6
                                                                                                                                                                                                    SHA-256:1DDE8BE64164FF96B2BAB88291042EB39197D118422BEE56EB2846E7A2D2F010
                                                                                                                                                                                                    SHA-512:A335AF4DBF1658556ED5DC13EE741419446F7DAEC6BD2688B626A803FA5DD76463D6367C224E0B79B17193735E2C74BA417C26822DAEEF05AC3BAB1588E2DE83
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):770560
                                                                                                                                                                                                    Entropy (8bit):7.613224993327352
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12288:XtIrHoxJ8gf1266y8IXhJvCKAmqVLzcrZgYIMGv1iLD9yQvG6h:XtIrHoxJFf1p34hcrn5Go9yQO6
                                                                                                                                                                                                    MD5:1EFD7F7CB1C277416011DE6F09C355AF
                                                                                                                                                                                                    SHA1:C0F97652AC2703C325AB9F20826A6F84C63532F2
                                                                                                                                                                                                    SHA-256:AB45FA80A68DB1635D41DC1A4AAD980E6716DAC8C1778CB5F30CDB013B7DF6E6
                                                                                                                                                                                                    SHA-512:2EC4B88A1957733043BBD63CEAA6F5643D446DB607B3267FAD1EC611E6B0AF697056598AAC2AE5D44AB2B9396811D183C32BCE5A0FF34E583193A417D1C5226B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):26112
                                                                                                                                                                                                    Entropy (8bit):5.8551858881598795
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:BczadRwoF2MZ81n0XTyMCYIl9bhgIW0mv8aeadRcwRwftjGLD2pRQNgQQ77k:2udRf2MuMJ+9dmv8aea34taLDcfQ
                                                                                                                                                                                                    MD5:C5FB377F736ED731B5578F57BB765F7A
                                                                                                                                                                                                    SHA1:5BA51E11F4DE1CAEDEBA0F7D4D10EC62EC109E01
                                                                                                                                                                                                    SHA-256:32073DF3D5C85ABCE7D370D6E341EF163A8350F6A9EDC775C39A23856CCFDD53
                                                                                                                                                                                                    SHA-512:D361BCDAF2C700D5A4AC956D96E00961432C05A1B692FC870DB53A90F233A6D24AA0C3BE99E40BD8E5B7C6C1B2BCDCDCFC545292EF321486FFC71C5EA7203E6A
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):84992
                                                                                                                                                                                                    Entropy (8bit):6.064677498000638
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:1536:BrYNvxcZeLrIeNs2qkTwe57DsuP45PqAqVDK9agdUiwOXyQdDrov0slb8gx4TBKW:Br4vxcZeLrIeN1TvHsuP45yAqVDK9ag3
                                                                                                                                                                                                    MD5:8A0C0AA820E98E83AC9B665A9FD19EAF
                                                                                                                                                                                                    SHA1:6BF5A14E94D81A55A164339F60927D5BF1BAD5C4
                                                                                                                                                                                                    SHA-256:4EE3D122DCFFE78E6E7E76EE04C38D3DC6A066E522EE9F7AF34A09649A3628B1
                                                                                                                                                                                                    SHA-512:52496AE7439458DEDB58A65DF9FFDCC3A7F31FC36FE7202FB43570F9BB03ABC0565F5EF32E5E6C048ED3EBC33018C19712E58FF43806119B2FB5918612299E7E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):10240
                                                                                                                                                                                                    Entropy (8bit):4.675380950473425
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:frQRpBddzAvzrqTOy/ThIz014mlxuLnkC75JiSBhsPeSztllIDpqf4AZaRcX6gnO:Qddz2KTnThIz0qfteRIDgRWcqgnCWt
                                                                                                                                                                                                    MD5:44B930B89CE905DB4716A548C3DB8DEE
                                                                                                                                                                                                    SHA1:948CBFF12A243C8D17A7ACD3C632EE232DF0F0ED
                                                                                                                                                                                                    SHA-256:921C2D55179C0968535B20E9FD7AF55AD29F4CE4CF87A90FE258C257E2673AA5
                                                                                                                                                                                                    SHA-512:79DF755BE8B01D576557A4CB3F3200E5EE1EDE21809047ABB9FF8D578C535AC1EA0277EDA97109839A7607AF043019F2C297E767441C7E11F81FDC87FD1B6EFC
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):10240
                                                                                                                                                                                                    Entropy (8bit):4.625428549874022
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:flipBddzAvzrqTOy/ThIz014mlxuLnkC75JiSBhsPeSzteXuDVZqYNIfcX6gHCWx:Cddz2KTnThIz0qfteR5DVwYkcqgHCWt
                                                                                                                                                                                                    MD5:F24F9356A6BDD29B9EF67509A8BC3A96
                                                                                                                                                                                                    SHA1:A26946E938304B4E993872C6721EB8CC1DCBE43B
                                                                                                                                                                                                    SHA-256:034BB8EFE3068763D32C404C178BD88099192C707A36F5351F7FDB63249C7F81
                                                                                                                                                                                                    SHA-512:C4D3F92D7558BE1A714388C72F5992165DD7A9E1B4FA83B882536030542D93FDAD9148C981F76FFF7868192B301AC9256EDB8C3D5CE5A1A2ACAC183F96C1028B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):109392
                                                                                                                                                                                                    Entropy (8bit):6.641929675972235
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:1536:GcghbEGyzXJZDWnEzWG9q4lVOiVgXjO5/woecbq8qZHg2zuCS+zuecL:GV3iC0h9q4v6XjKwoecbq8qBTq+1cL
                                                                                                                                                                                                    MD5:4585A96CC4EEF6AAFD5E27EA09147DC6
                                                                                                                                                                                                    SHA1:489CFFF1B19ABBEC98FDA26AC8958005E88DD0CB
                                                                                                                                                                                                    SHA-256:A8F950B4357EC12CFCCDDC9094CCA56A3D5244B95E09EA6E9A746489F2D58736
                                                                                                                                                                                                    SHA-512:D78260C66331FE3029D2CC1B41A5D002EC651F2E3BBF55076D65839B5E3C6297955AFD4D9AB8951FBDC9F929DBC65EB18B14B59BCE1F2994318564EB4920F286
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):49520
                                                                                                                                                                                                    Entropy (8bit):6.65700274508223
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:768:YEgYXUcHJcUJSDW/tfxL1qBSHGm6Ub/I2Hi09z0XQKBcRmuU9zuKl:YvGS8fZ1esJwUpz0X3B+d8zuKl
                                                                                                                                                                                                    MD5:7E668AB8A78BD0118B94978D154C85BC
                                                                                                                                                                                                    SHA1:DBAC42A02A8D50639805174AFD21D45F3C56E3A0
                                                                                                                                                                                                    SHA-256:E4B533A94E02C574780E4B333FCF0889F65ED00D39E32C0FBBDA2116F185873F
                                                                                                                                                                                                    SHA-512:72BB41DB17256141B06E2EAEB8FC65AD4ABDB65E4B5F604C82B9E7E7F60050734137D602E0F853F1A38201515655B6982F2761EE0FA77C531AA58591C95F0032
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):71448
                                                                                                                                                                                                    Entropy (8bit):6.243013214204417
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:1536:nhaPPkvDcBlqCTFFQ/ObfW11swNIGOnL7SyaeCxT:hanCDcnqCJFOObfW11swNIGOnLoeE
                                                                                                                                                                                                    MD5:2CD68FF636394D3019411611E27D0A3B
                                                                                                                                                                                                    SHA1:DA369C5D1A32F68639170D8A265A9EA49C2C8EBD
                                                                                                                                                                                                    SHA-256:0D4FBD46F922E548060EA74C95E99DC5F19B1DF69BE17706806760515C1C64FE
                                                                                                                                                                                                    SHA-512:37388D137454F52057B2376D95ABCC955FA1EDC3E20B96445FA45D1860544E811DF0C547F221C8671DC1A4D90262BB20F3B9F114252F3C47A8C3829951A2CE51
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):84760
                                                                                                                                                                                                    Entropy (8bit):6.584507188180646
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:1536:FFzZz757cav+IuK66nlxX8W8LsANVIGCV87SyixL7:DzZzq6n3MhLsMVIGCV8O7
                                                                                                                                                                                                    MD5:C7CE973F261F698E3DB148CCAD057C96
                                                                                                                                                                                                    SHA1:59809FD48E8597A73211C5DF64C7292C5D120A10
                                                                                                                                                                                                    SHA-256:02D772C03704FE243C8DE2672C210A5804D075C1F75E738D6130A173D08DFCDE
                                                                                                                                                                                                    SHA-512:A924750B1825747A622EEF93331FD764D824C954297E37E8DC93A450C11AA7AB3AD7C3B823B11656B86E64DE3CD5D409FDA15DB472488DFAA4BB50341F0B29D1
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):179712
                                                                                                                                                                                                    Entropy (8bit):6.180800197956408
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3072:IULjhBCx8qImKrUltSfGzdMcbb9CF8OS7jkSTLkKWlgeml:IgCeqImzSfIMcNCvOkSTLLWWem
                                                                                                                                                                                                    MD5:FCB71CE882F99EC085D5875E1228BDC1
                                                                                                                                                                                                    SHA1:763D9AFA909C15FEA8E016D321F32856EC722094
                                                                                                                                                                                                    SHA-256:86F136553BA301C70E7BADA8416B77EB4A07F76CCB02F7D73C2999A38FA5FA5B
                                                                                                                                                                                                    SHA-512:4A0E98AB450453FD930EDC04F0F30976ABB9214B693DB4B6742D784247FB062C57FAFAFB51EB04B7B4230039AB3B07D2FFD3454D6E261811F34749F2E35F04D6
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):124696
                                                                                                                                                                                                    Entropy (8bit):6.1345016966871455
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3072:kuiS11BYNd+5AWdu41qOqJ/f/EX4lCPIWu1ptpIGLP+z:Pl1U+Ke/16f/ExWI
                                                                                                                                                                                                    MD5:10FDCF63D1C3C3B7E5861FBB04D64557
                                                                                                                                                                                                    SHA1:1AA153EFEC4F583643046618B60E495B6E03B3D7
                                                                                                                                                                                                    SHA-256:BC3B83D2DC9E2F0E6386ED952384C6CF48F6EED51129A50DFD5EF6CBBC0A8FB3
                                                                                                                                                                                                    SHA-512:DC702F4100ED835E198507CD06FA5389A063D4600FC08BE780690D729AB62114FD5E5B201D511B5832C14E90A5975ED574FC96EDB5A9AB9EB83F607C7A712C7F
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):253208
                                                                                                                                                                                                    Entropy (8bit):6.567915765795386
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6144:DV0lmIvcruIDCiryrjqPBTn9qWM53pLW1AuDRRRctULoT3TdTx:SN0rQiryr8TaV+QTdTx
                                                                                                                                                                                                    MD5:21C73E7E0D7DAD7A1FE728E3B80CE073
                                                                                                                                                                                                    SHA1:7B363AF01E83C05D0EA75299B39C31D948BBFE01
                                                                                                                                                                                                    SHA-256:A28C543976AA4B6D37DA6F94A280D72124B429F458D0D57B7DBCF71B4BEA8F73
                                                                                                                                                                                                    SHA-512:0357102BFFC2EC2BC6FF4D9956D6B8E77ED8558402609E558F1C1EBC1BACA6AEAA5220A7781A69B783A54F3E76362D1F74D817E4EE22AAC16C7F8C86B6122390
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):64792
                                                                                                                                                                                                    Entropy (8bit):6.219813461442214
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:1536:CQGllrIdcGuzZc94cVM7gDX4NIGOI67Sy+xzn1:I6cvz+9IgDX4NIGOI6Sn1
                                                                                                                                                                                                    MD5:F495D1897A1B52A2B15C20DCECB84B47
                                                                                                                                                                                                    SHA1:8CB65590A8815BDA58C86613B6386B5982D9EC3F
                                                                                                                                                                                                    SHA-256:E47E76D70D508B62924FE480F30E615B12FDD7745C0AAC68A2CDDABD07B692AE
                                                                                                                                                                                                    SHA-512:725D408892887BEBD5BCF040A0ECC6A4E4B608815B9DEA5B6F7B95C812715F82079896DF33B0830C9F787FFE149B8182E529BB1F78AADD89DF264CF8853EE4C4
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):159512
                                                                                                                                                                                                    Entropy (8bit):6.841828996170163
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3072:RmuEE9tZBoI+1hINrznfB9mNoNSn2Vh/VDxuVIGZ1L6E:RmuFPobkNpYONnvfuCE
                                                                                                                                                                                                    MD5:4E2239ECE266230ECB231B306ADDE070
                                                                                                                                                                                                    SHA1:E807A078B71C660DB10A27315E761872FFD01443
                                                                                                                                                                                                    SHA-256:34130D8ABE27586EE315262D69AF4E27429B7EAB1F3131EA375C2BB62CF094BE
                                                                                                                                                                                                    SHA-512:86E6A1EAB3529E600DD5CAAB6103E34B0F618D67322A5ECF1B80839FAA028150C492A5CF865A2292CC8584FBA008955DA81A50B92301583424401D249C5F1401
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):35096
                                                                                                                                                                                                    Entropy (8bit):6.456173627081832
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:768:VAIvrenSE0PkA9c0ji+m9IGWte5YiSyv2pAAMxkEn:6ITQSH9c0jlm9IGWtU7SyOOxj
                                                                                                                                                                                                    MD5:811BCEE2F4246265898167B103FC699B
                                                                                                                                                                                                    SHA1:AE3DE8ACBA56CDE71001D3796A48730E1B9C7CCE
                                                                                                                                                                                                    SHA-256:FB69005B972DC3703F9EF42E8E0FDDF8C835CB91F57EF9B6C66BBDF978C00A8C
                                                                                                                                                                                                    SHA-512:1F71E23CE4B6BC35FE772542D7845DCBEA2A34522BA0468B61CB05F9ABAB7732CBF524BCFF498D1BD0B13B5E8A45C373CCA19AD20E5370F17259E281EDF344BE
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):55576
                                                                                                                                                                                                    Entropy (8bit):6.3454178187323755
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:1536:2ND3ua5sIRL9EiqXxpNdtrtBIGXtz7SyNxM:2NjOiUpNdPBIGXtzi
                                                                                                                                                                                                    MD5:F9C67280538408411BE9A7341B93B5B0
                                                                                                                                                                                                    SHA1:CCF776CD2483BC83B48B1DB322D7B6FCAB48356E
                                                                                                                                                                                                    SHA-256:5D298BB811037B583CFF6C88531F1742FAE5EEE47C290ADB47DDBD0D6126B9CC
                                                                                                                                                                                                    SHA-512:AF2156738893EF504D582ACE6750B25BC42AD1EC8A92E0550CE54810706D854F37A82F38EB965A537CAD5D35C0178C5EB7B4D20DB2A95BEBFECF9A13C0592646
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):32536
                                                                                                                                                                                                    Entropy (8bit):6.464181935983508
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:768:/k+Ea6rfMkAYY0J/MpIGQUG5YiSyvHAMxkEJ5YSv:8tfHY0JEpIGQU87SyPx/Y+
                                                                                                                                                                                                    MD5:6E00E0821BB519333CCFD4E61A83CB38
                                                                                                                                                                                                    SHA1:3550A41BB2EA54F456940C4D1940ACAB36815949
                                                                                                                                                                                                    SHA-256:2AD02D49691A629F038F48FCDEE46A07C4FCC2CB0620086E7B09AC11915AE6B7
                                                                                                                                                                                                    SHA-512:C3F8332C10B58F30E292676B48ECF1860C5EF9546367B87E90789F960C91EAE4D462DD3EE9CB14F603B9086E81B6701AAB56DA5B635B22DB1E758ED0A983E562
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):83224
                                                                                                                                                                                                    Entropy (8bit):6.340320871656589
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:1536:ZUuhzLx79flWrqcqtpjly+uCo9/s+S+pzcHQ6B48/VI9dsSbxntpIGLwIU7SyZxL:ZU6zLRNawRy+uCo9/sT+pzuXxVIbsSde
                                                                                                                                                                                                    MD5:899380B2D48DF53414B974E11BB711E3
                                                                                                                                                                                                    SHA1:F1D11F7E970A7CD476E739243F8F197FCB3AD590
                                                                                                                                                                                                    SHA-256:B38E66E6EE413E5955EF03D619CADD40FCA8BE035B43093D2342B6F3739E883E
                                                                                                                                                                                                    SHA-512:7426CA5E7A404B9628E2966DAE544F3E8310C697145567B361825DC0B5C6CD87F2CAF567DEF8CD19E73D68643F2F38C08FF4FF0BB0A459C853F241B8FDF40024
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):124696
                                                                                                                                                                                                    Entropy (8bit):6.2652662506859444
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3072:fZIPlR6TxhNO7/9CO4w5yIFGcXcpVNIGOQyl:RjFHO7kC56cXuo
                                                                                                                                                                                                    MD5:CEE93C920951C1169B615CB6330CEDDA
                                                                                                                                                                                                    SHA1:EF2ABF9F760DB2DE0BD92AFE8766A0B798CF8167
                                                                                                                                                                                                    SHA-256:FF25BDBEEF34D2AA420A79D3666C2660E7E3E96259D1F450F1AF5268553380EC
                                                                                                                                                                                                    SHA-512:999D324448BB39793E4807432C697F01F8922B0ABA4519A21D5DC4F4FC8E9E4737D7E104B205B931AF753EDA65F61D0C744F12BE84446F9C6CB3C2A5B35B773C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):177432
                                                                                                                                                                                                    Entropy (8bit):5.975354635226847
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3072:KXGEr/16/nJxNOJW5NT6X3l44K5WOSCSVRJNI7IM/cbP7RHs3J7VIGC7hN:Y/r/16/nDNPT6X3l1CMVS7i
                                                                                                                                                                                                    MD5:9B4E74FD1DE0F8A197E4AA1E16749186
                                                                                                                                                                                                    SHA1:833179B49EB27C9474B5189F59ED7ECF0E6DC9EA
                                                                                                                                                                                                    SHA-256:A4CE52A9E0DADDBBE7A539D1A7EDA787494F2173DDCC92A3FAF43B7CF597452B
                                                                                                                                                                                                    SHA-512:AE72B39CB47A859D07A1EE3E73DE655678FE809C5C17FFD90797B5985924DDB47CEB5EBE896E50216FB445526C4CBB95E276E5F3810035B50E4604363EB61CD4
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):25368
                                                                                                                                                                                                    Entropy (8bit):6.6272949891352315
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:lrfwHnEWGQiAQVIGZwJXHQIYiSy1pCQ4XAM+o/8E9VF0NyqzJSj:dQnEIHQVIGZw95YiSyv8AMxkEqw
                                                                                                                                                                                                    MD5:3C8737723A903B08D5D718336900FD8C
                                                                                                                                                                                                    SHA1:2AD2D0D50F6B52291E59503222B665B1823B0838
                                                                                                                                                                                                    SHA-256:BB418E91E543C998D11F9E65FD2A4899B09407FF386E059A88FE2A16AED2556B
                                                                                                                                                                                                    SHA-512:1D974EC1C96E884F30F4925CC9A03FB5AF78687A267DEC0D1582B5D7561D251FB733CF733E0CC00FAEE86F0FEF6F73D36A348F3461C6D34B0238A75F69320D10
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):36632
                                                                                                                                                                                                    Entropy (8bit):6.364173312940401
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:768:PgMwnWGwMtUTA7LlVIGCilx5YiSyvzAMxkEaFy:PgMwWGJtGA7LlVIGCih7Syrx+g
                                                                                                                                                                                                    MD5:EE33F4C8D17D17AD62925E85097B0109
                                                                                                                                                                                                    SHA1:8C4A03531CF3DBFE6F378FDAB9699D51E7888796
                                                                                                                                                                                                    SHA-256:79ADCA5037D9145309D3BD19F7A26F7BB7DA716EE86E01073C6F2A9681E33DAD
                                                                                                                                                                                                    SHA-512:60B0705A371AD2985DB54A91F0E904EEA502108663EA3C3FB18ED54671BE1932F4F03E8E3FD687A857A5E3500545377B036276C69E821A7D6116B327F5B3D5C1
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):264192
                                                                                                                                                                                                    Entropy (8bit):6.209859454972578
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6144:qV3aFwGtxiTjweCKvJ1+jLjJML5wir++JTCuG:qV3mxi3wDArolq5wiC
                                                                                                                                                                                                    MD5:40E99EAA1A21C1AA24F575855B52EEC0
                                                                                                                                                                                                    SHA1:0FE9B3B93F77D045B248C36BC5B5D5117C0176B3
                                                                                                                                                                                                    SHA-256:5F93DB706E799D00A3774CE14D078E272F8808867318C1183FDBE60D075D5F5D
                                                                                                                                                                                                    SHA-512:FAD6BF5BBCC7C54DC792A2AB9FAEFAB77DD15233BC86A566AB0B6F27128C0B0609D0E17469F373778A7122E5015D57AE8CA67BAD1D4BD47B92FCE95A47A7AA2C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):49664
                                                                                                                                                                                                    Entropy (8bit):5.798696651761287
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:768:oPriCeqBiVwVJAQ8mK4fE0UYq0olSgEDmYgRE8tJQ:oprimVJtFxEqqAmYg20JQ
                                                                                                                                                                                                    MD5:1412E133574C3D73B77B4964A2A18FE3
                                                                                                                                                                                                    SHA1:240E4A6149FA4AFCE7E857D5544A2A0772F9C9EB
                                                                                                                                                                                                    SHA-256:9E33CAFEA557265EE254373F662ABCE9466952F0CCAE81F774A7F0D0CD34099F
                                                                                                                                                                                                    SHA-512:07C50CADDF6AE80E6CD30DD810F755656D6F6965DB0F9586FD9D339FB551D1F086209495B5AB69DF6339698F585372B4459F14D9AEBF316F4E242B2D0DBD0B94
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):36352
                                                                                                                                                                                                    Entropy (8bit):5.654316966286352
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:3FIKmzsyA2+kEyrMxA91WZqJ91cL9U0WJtqpTHl2zwu9L6lBw81eLaZ4Y1exetk0:3ehzcnygxA91bryrczTGbw8kLssqqTH
                                                                                                                                                                                                    MD5:1D59358DA065743D07FB455DE273A25E
                                                                                                                                                                                                    SHA1:82E99FF22B104ED0FE067A20C1B18C04B3155254
                                                                                                                                                                                                    SHA-256:148E0CFFDBCD02E3EB65A6BF2F2B9A8C45BC36C113D92CCDA40408A7D01A6DC9
                                                                                                                                                                                                    SHA-512:FE21A0010A543053919419FB31DD39E810F6EBAF1BC57DC5F89645F195901F354A57EA931AA464A208BB39C1AB0A7D1AC61D60D1B5F5EFED78570FAEC46B2DE6
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):161792
                                                                                                                                                                                                    Entropy (8bit):6.09154494600188
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:1536:WWN8oZXh2Y/m2/0+AMvRSDFxNYH/9Iw89qV406AgGkbJT0N6ctLU+XqiasgzvtaR:/GoVwY8M5bFIwoqRkYU0qikVXMNkqB
                                                                                                                                                                                                    MD5:5B741F2BCB063D276534D43979FC8945
                                                                                                                                                                                                    SHA1:7E4B63D4856BA1A720BD2CA68F0317B827E30886
                                                                                                                                                                                                    SHA-256:52009B3A55DC0721D7DD70A25C04CC714CE33A954EB2964AC47E527977EECF25
                                                                                                                                                                                                    SHA-512:A246CFAAC9C8D6F21C08EB9CF2F6D311747AF2F67EA6C38D6EE0C8C6CF8C78174425785C3F048038914DE1E93562697E6FEE435AFA5DF7372E0CE43DC67E72A9
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):4
                                                                                                                                                                                                    Entropy (8bit):1.5
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:Mn:M
                                                                                                                                                                                                    MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                    SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                    SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                    SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:pip.
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:Unicode text, UTF-8 text, with very long lines (411)
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):11524
                                                                                                                                                                                                    Entropy (8bit):5.211520136058075
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:ERsUfi6bkQk+k/kKkegToJWicnJsPVA1oz2dv7COmoKTACoEJdQ/0G6lWg+JdQV5:ERsXpLs3VoJWRnJsPvz2dDCHoKsLgA6z
                                                                                                                                                                                                    MD5:49CABCB5F8DA14C72C8C3D00ADB3C115
                                                                                                                                                                                                    SHA1:F575BECF993ECDF9C6E43190C1CB74D3556CF912
                                                                                                                                                                                                    SHA-256:DC9824E25AFD635480A8073038B3CDFE6A56D3073A54E1A6FB21EDD4BB0F207C
                                                                                                                                                                                                    SHA-512:923DAEEE0861611D230DF263577B3C382AE26400CA5F1830EE309BD6737EED2AD934010D61CDD4796618BEDB3436CD772D9429A5BED0A106EF7DE60E114E505C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:Metadata-Version: 2.3.Name: attrs.Version: 24.2.0.Summary: Classes Without Boilerplate.Project-URL: Documentation, https://www.attrs.org/.Project-URL: Changelog, https://www.attrs.org/en/stable/changelog.html.Project-URL: GitHub, https://github.com/python-attrs/attrs.Project-URL: Funding, https://github.com/sponsors/hynek.Project-URL: Tidelift, https://tidelift.com/subscription/pkg/pypi-attrs?utm_source=pypi-attrs&utm_medium=pypi.Author-email: Hynek Schlawack <hs@ox.cx>.License-Expression: MIT.License-File: LICENSE.Keywords: attribute,boilerplate,class.Classifier: Development Status :: 5 - Production/Stable.Classifier: License :: OSI Approved :: MIT License.Classifier: Programming Language :: Python :: 3.7.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: 3.11.Classifier: Programming Language :: Python :: 3.12.Classifier: Programming Languag
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:CSV text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):3556
                                                                                                                                                                                                    Entropy (8bit):5.809424313364516
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:Q9ewBtnJT/oPynEddwBbCobXm9qGmR5VXzskcGD+qLtxO:2ewnXJCKXGeR/XzKiO
                                                                                                                                                                                                    MD5:4B6973D2285295CF5E3A45E64EB7A455
                                                                                                                                                                                                    SHA1:1089F2F3C35303D6D5DD19F0C0F707B9609EE3F2
                                                                                                                                                                                                    SHA-256:2B368DFC37283970C33CC8D4EEC129F668EB99EBF9D3AA27F49A1B149658F2B0
                                                                                                                                                                                                    SHA-512:A5150ECB625A3CFDC3F22C60EB7B16FDBED01CD47505BD520491B477AE24E8C59FFAE2334948122E656F6F0A5F2AF0635B6D976241745583A3D7AF9E3781718D
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:attr/__init__.py,sha256=l8Ewh5KZE7CCY0i1iDfSCnFiUTIkBVoqsXjX9EZnIVA,2087..attr/__init__.pyi,sha256=aTVHBPX6krCGvbQvOl_UKqEzmi2HFsaIVm2WKmAiqVs,11434..attr/__pycache__/__init__.cpython-312.pyc,,..attr/__pycache__/_cmp.cpython-312.pyc,,..attr/__pycache__/_compat.cpython-312.pyc,,..attr/__pycache__/_config.cpython-312.pyc,,..attr/__pycache__/_funcs.cpython-312.pyc,,..attr/__pycache__/_make.cpython-312.pyc,,..attr/__pycache__/_next_gen.cpython-312.pyc,,..attr/__pycache__/_version_info.cpython-312.pyc,,..attr/__pycache__/converters.cpython-312.pyc,,..attr/__pycache__/exceptions.cpython-312.pyc,,..attr/__pycache__/filters.cpython-312.pyc,,..attr/__pycache__/setters.cpython-312.pyc,,..attr/__pycache__/validators.cpython-312.pyc,,..attr/_cmp.py,sha256=3umHiBtgsEYtvNP_8XrQwTCdFoZIX4DEur76N-2a3X8,4123..attr/_cmp.pyi,sha256=U-_RU_UZOyPUEQzXE6RMYQQcjkZRY25wTH99sN0s7MM,368..attr/_compat.py,sha256=n2Uk3c-ywv0PkFfGlvqR7SzDXp4NOhWmNV_ZK6YfWoM,2958..attr/_config.py,sha256=z81Vt-GeT_2taxs1XZfmHx9TWlSxjP
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):87
                                                                                                                                                                                                    Entropy (8bit):4.730668933656452
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:RtEeXAaCTQnP+tPCCfA5I:Rt2PcnWBB3
                                                                                                                                                                                                    MD5:52ADFA0C417902EE8F0C3D1CA2372AC3
                                                                                                                                                                                                    SHA1:B67635615EEF7E869D74F4813B5DC576104825DD
                                                                                                                                                                                                    SHA-256:D7215D7625CC9AF60AED0613AAD44DB57EBA589D0CCFC3D8122114A0E514C516
                                                                                                                                                                                                    SHA-512:BFA87E7B0E76E544C2108EF40B9FAC8C5FF4327AB8EDE9FEB2891BD5D38FEA117BD9EEBAF62F6C357B4DEADDAD5A5220E0B4A54078C8C2DE34CB1DD5E00F2D62
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:Wheel-Version: 1.0.Generator: hatchling 1.25.0.Root-Is-Purelib: true.Tag: py3-none-any.
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1109
                                                                                                                                                                                                    Entropy (8bit):5.104415762129373
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:bGf8rUrmJHHH0yN3gtsHw1hC09QHOsUv4eOk4/+/m3oqLFh:bW8rUaJHlxE3dQHOs5exm3ogFh
                                                                                                                                                                                                    MD5:5E55731824CF9205CFABEAB9A0600887
                                                                                                                                                                                                    SHA1:243E9DD038D3D68C67D42C0C4BA80622C2A56246
                                                                                                                                                                                                    SHA-256:882115C95DFC2AF1EEB6714F8EC6D5CBCABF667CAFF8729F42420DA63F714E9F
                                                                                                                                                                                                    SHA-512:21B242BF6DCBAFA16336D77A40E69685D7E64A43CC30E13E484C72A93CD4496A7276E18137DC601B6A8C3C193CB775DB89853ECC6D6EB2956DEEE36826D5EBFE
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:The MIT License (MIT)..Copyright (c) 2015 Hynek Schlawack and the attrs contributors..Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to deal.in the Software without restriction, including without limitation the rights.to use, copy, modify, merge, publish, distribute, sublicense, and/or sell.copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in all.copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHE
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1329520
                                                                                                                                                                                                    Entropy (8bit):5.586627513342047
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12288:uttcY+b+2OGgRF1+fYNXPh26UZWAzCu7jqD9KwdgkVDdYuP0whsA9gCCaYchQ:uttcY+PnCiCAqoNqDdYuPVzEaYchQ
                                                                                                                                                                                                    MD5:9B3C32B54CF69405030D2F787FB0C7DF
                                                                                                                                                                                                    SHA1:B2D906EF86EECEB934E84ACA6985599854B70AE1
                                                                                                                                                                                                    SHA-256:7A55058782C4FEBED8EA12B4CAFF9257ED22F22B3E25BA80593E4265A1E099E8
                                                                                                                                                                                                    SHA-512:40ABBAFA11E80E83514DB17342B0271C4FD23C2380EC7BCAE97F318101561EF64F964BAEC7A6D2AD74111572473C6A728277CEBDEA8BDBEC3192D6A0A958A462
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):299427
                                                                                                                                                                                                    Entropy (8bit):6.047872935262006
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6144:QW1x/M8fRR1jplkXURrVADwYCuCigT/QRSRqNb7d8iu5Nahx:QWb/TRJLWURrI5RWavdF08/
                                                                                                                                                                                                    MD5:50EA156B773E8803F6C1FE712F746CBA
                                                                                                                                                                                                    SHA1:2C68212E96605210EDDF740291862BDF59398AEF
                                                                                                                                                                                                    SHA-256:94EDEB66E91774FCAE93A05650914E29096259A5C7E871A1F65D461AB5201B47
                                                                                                                                                                                                    SHA-512:01ED2E7177A99E6CB3FBEF815321B6FA036AD14A3F93499F2CB5B0DAE5B713FD2E6955AA05F6BDA11D80E9E0275040005E5B7D616959B28EFC62ABB43A3238F0
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:.# Issuer: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Subject: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Label: "GlobalSign Root CA".# Serial: 4835703278459707669005204.# MD5 Fingerprint: 3e:45:52:15:09:51:92:e1:b7:5d:37:9f:b1:87:29:8a.# SHA1 Fingerprint: b1:bc:96:8b:d4:f4:9d:62:2a:a8:9a:81:f2:15:01:52:a4:1d:82:9c.# SHA256 Fingerprint: eb:d4:10:40:e4:bb:3e:c7:42:c9:e3:81:d3:1e:f2:a4:1a:48:b6:68:5c:96:e7:ce:f3:c1:df:6c:d4:33:1c:99.
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):10752
                                                                                                                                                                                                    Entropy (8bit):4.817893239381772
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:MRv9XFCk2z1/t12iwU5usJFcCyD9cqgE:aVVC5djuUFJKtgE
                                                                                                                                                                                                    MD5:71D96F1DBFCD6F767D81F8254E572751
                                                                                                                                                                                                    SHA1:E70B74430500ED5117547E0CD339D6E6F4613503
                                                                                                                                                                                                    SHA-256:611E1B4B9ED6788640F550771744D83E404432830BB8E3063F0B8EC3B98911AF
                                                                                                                                                                                                    SHA-512:7B10E13B3723DB0E826B7C7A52090DE999626D5FA6C8F9B4630FDEEF515A58C40660FA90589532A6D4377F003B3CB5B9851E276A0B3C83B9709E28E6A66A1D32
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):124928
                                                                                                                                                                                                    Entropy (8bit):5.935676608756784
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:1536:BETt3OiaqGB7QNX6Pq4a461TDqFRgMzrOH+d3gdy2iIeP/j3bhouROm:Bmt+is7QNqP1ab1TGb9g/iI4bhouROm
                                                                                                                                                                                                    MD5:D8F690EAE02332A6898E9C8B983C56DD
                                                                                                                                                                                                    SHA1:112C1FE25E0D948F767E02F291801C0E4AE592F0
                                                                                                                                                                                                    SHA-256:C6BB8CAD80B8D7847C52931F11D73BA64F78615218398B2C058F9B218FF21CA9
                                                                                                                                                                                                    SHA-512:E732F79F39BA9721CC59DBE8C4785FFD74DF84CA00D13D72AFA3F96B97B8C7ADF4EA9344D79EE2A1C77D58EF28D3DDCC855F3CB13EDDA928C17B1158ABCC5B4A
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):4
                                                                                                                                                                                                    Entropy (8bit):1.5
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:Mn:M
                                                                                                                                                                                                    MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                    SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                    SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                    SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:pip.
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):5440
                                                                                                                                                                                                    Entropy (8bit):5.074230645519915
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:DloQIUQIhQIKQILbQIRIaMPktjaVxsxA2TLLDmplH7dwnqTIvrUmA0JQTQCQx5KN:RcPuP1srTLLDmplH7JTIvYX0JQTQ9x54
                                                                                                                                                                                                    MD5:C891CD93024AF027647E6DE89D0FFCE2
                                                                                                                                                                                                    SHA1:01D8D6F93F1B922A91C82D4711BCEFB885AD47B0
                                                                                                                                                                                                    SHA-256:EB36E0E4251E8479EF36964440755EF22BEDD411BA87A93F726FA8E5BB0E64B0
                                                                                                                                                                                                    SHA-512:3386FBB3DCF7383B2D427093624C531C50BE34E3E0AA0984547B953E04776D0D431D5267827F4194A9B0AD1AB897869115623E802A6A1C5D2AE1AD82C96CCE71
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:Metadata-Version: 2.3.Name: cryptography.Version: 43.0.3.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: Apache Software License.Classifier: License :: OSI Approved :: BSD License.Classifier: Natural Language :: English.Classifier: Operating System :: MacOS :: MacOS X.Classifier: Operating System :: POSIX.Classifier: Operating System :: POSIX :: BSD.Classifier: Operating System :: POSIX :: Linux.Classifier: Operating System :: Microsoft :: Windows.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Programming Language :: Python :: 3.7.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: 3.11.Classifier: Programming Language :: Python :: 3.12.Classif
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:CSV text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):15579
                                                                                                                                                                                                    Entropy (8bit):5.5664904316569785
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:1XeTBL1z5jF4E9VqhXJZ4WPB6s7B0Ppz+NX6in5Lqw/I+B:1XkL1hCEsJrPB6s7B0Ppz+96innVB
                                                                                                                                                                                                    MD5:4DECFB7B4491D572BFEF7359B48F44FC
                                                                                                                                                                                                    SHA1:A4A4D4BF35021D7402922CA58E1E29AE564524FD
                                                                                                                                                                                                    SHA-256:2538AB429E324FDDEAC70C8C511E24E9FAF5DC8D531D910B1A6FF17C13C5D536
                                                                                                                                                                                                    SHA-512:CE05550E47B778EAB691191A9B08C53F4BE8C3F371C5831B901D17535237A45E46F8362A1BC365DBDEF45FF7AFF475EAA4517FB43F715A4F92481F014EF2E18F
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:cryptography-43.0.3.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..cryptography-43.0.3.dist-info/METADATA,sha256=6zbg5CUehHnvNpZEQHVe8ivt1BG6h6k_cm-o5bsOZLA,5440..cryptography-43.0.3.dist-info/RECORD,,..cryptography-43.0.3.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..cryptography-43.0.3.dist-info/WHEEL,sha256=8_4EnrLvbhzH224YH8WypoB7HFn-vpbwr_zHlr3XUBI,94..cryptography-43.0.3.dist-info/license_files/LICENSE,sha256=Pgx8CRqUi4JTO6mP18u0BDLW8amsv4X1ki0vmak65rs,197..cryptography-43.0.3.dist-info/license_files/LICENSE.APACHE,sha256=qsc7MUj20dcRHbyjIJn2jSbGRMaBOuHk8F9leaomY_4,11360..cryptography-43.0.3.dist-info/license_files/LICENSE.BSD,sha256=YCxMdILeZHndLpeTzaJ15eY9dz2s0eymiSMqtwCPtPs,1532..cryptography/__about__.py,sha256=-FkHKD9mSuEfH37wsSKnQzJZmL5zUAUTpB5OeUQjPE0,445..cryptography/__init__.py,sha256=mthuUrTd4FROCpUYrTIqhjz6s6T9djAZrV7nZ1oMm2o,364..cryptography/__pycache__/__about__.cpython-312.pyc,,..cryptography/__pycache__/__ini
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):94
                                                                                                                                                                                                    Entropy (8bit):5.016084900984752
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:RtEeX5pGogP+tkKciH/KQb:RtvoTWKTQb
                                                                                                                                                                                                    MD5:C869D30012A100ADEB75860F3810C8C9
                                                                                                                                                                                                    SHA1:42FD5CFA75566E8A9525E087A2018E8666ED22CB
                                                                                                                                                                                                    SHA-256:F3FE049EB2EF6E1CC7DB6E181FC5B2A6807B1C59FEBE96F0AFFCC796BDD75012
                                                                                                                                                                                                    SHA-512:B29FEAF6587601BBE0EDAD3DF9A87BFC82BB2C13E91103699BABD7E039F05558C0AC1EF7D904BCFAF85D791B96BC26FA9E39988DD83A1CE8ECCA85029C5109F0
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:Wheel-Version: 1.0.Generator: maturin (1.7.0).Root-Is-Purelib: false.Tag: cp39-abi3-win_amd64.
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):197
                                                                                                                                                                                                    Entropy (8bit):4.61968998873571
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:hWDncJhByZmJgXPForADu1QjygQuaAJygT2d5GeWreLRuOFEXAYeBKmJozlMHuO:h9Co8FyQjkDYc5tWreLBF/pn2mH1
                                                                                                                                                                                                    MD5:8C3617DB4FB6FAE01F1D253AB91511E4
                                                                                                                                                                                                    SHA1:E442040C26CD76D1B946822CAF29011A51F75D6D
                                                                                                                                                                                                    SHA-256:3E0C7C091A948B82533BA98FD7CBB40432D6F1A9ACBF85F5922D2F99A93AE6BB
                                                                                                                                                                                                    SHA-512:77A1919E380730BCCE5B55D76FBFFBA2F95874254FAD955BD2FE1DE7FC0E4E25B5FDAAB0FEFFD6F230FA5DC895F593CF8BFEDF8FDC113EFBD8E22FADAB0B8998
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:This software is made available under the terms of *either* of the licenses.found in LICENSE.APACHE or LICENSE.BSD. Contributions to cryptography are made.under the terms of *both* these licenses..
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):11360
                                                                                                                                                                                                    Entropy (8bit):4.426756947907149
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:nUDG5KXSD9VYUKhu1JVF9hFGvV/QiGkS594drFjuHYx5dvTrLh3kTSEnQHbHR:UIvlKM1zJlFvmNz5VrlkTS0QHt
                                                                                                                                                                                                    MD5:4E168CCE331E5C827D4C2B68A6200E1B
                                                                                                                                                                                                    SHA1:DE33EAD2BEE64352544CE0AA9E410C0C44FDF7D9
                                                                                                                                                                                                    SHA-256:AAC73B3148F6D1D7111DBCA32099F68D26C644C6813AE1E4F05F6579AA2663FE
                                                                                                                                                                                                    SHA-512:F451048E81A49FBFA11B49DE16FF46C52A8E3042D1BCC3A50AAF7712B097BED9AE9AED9149C21476C2A1E12F1583D4810A6D36569E993FE1AD3879942E5B0D52
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:. Apache License. Version 2.0, January 2004. https://www.apache.org/licenses/.. TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.. 1. Definitions... "License" shall mean the terms and conditions for use, reproduction,. and distribution as defined by Sections 1 through 9 of this document... "Licensor" shall mean the copyright owner or entity authorized by. the copyright owner that is granting the License... "Legal Entity" shall mean the union of the acting entity and all. other entities that control, are controlled by, or are under common. control with that entity. For the purposes of this definition,. "control" means (i) the power, direct or indirect, to cause the. direction or management of such entity, whether by contract or. otherwise, or (ii) ownership of fifty percent (50%) or more of the. outstanding shares, or (iii) beneficial ow
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1532
                                                                                                                                                                                                    Entropy (8bit):5.058591167088024
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:MjUnoorbOFFTJJyRrYFTjzMbmqEvBTP4m96432s4EOkUTKQROJ32s3yxsITf+3tY:MkOFJSrYJsaN5P406432svv32s3EsIqm
                                                                                                                                                                                                    MD5:5AE30BA4123BC4F2FA49AA0B0DCE887B
                                                                                                                                                                                                    SHA1:EA5B412C09F3B29BA1D81A61B878C5C16FFE69D8
                                                                                                                                                                                                    SHA-256:602C4C7482DE6479DD2E9793CDA275E5E63D773DACD1ECA689232AB7008FB4FB
                                                                                                                                                                                                    SHA-512:DDBB20C80ADBC8F4118C10D3E116A5CD6536F72077C5916D87258E155BE561B89EB45C6341A1E856EC308B49A4CB4DBA1408EABD6A781FBE18D6C71C32B72C41
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:Copyright (c) Individual contributors..All rights reserved...Redistribution and use in source and binary forms, with or without.modification, are permitted provided that the following conditions are met:.. 1. Redistributions of source code must retain the above copyright notice,. this list of conditions and the following disclaimer... 2. Redistributions in binary form must reproduce the above copyright. notice, this list of conditions and the following disclaimer in the. documentation and/or other materials provided with the distribution... 3. Neither the name of PyCA Cryptography nor the names of its contributors. may be used to endorse or promote products derived from this software. without specific prior written permission...THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND.ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED.WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOS
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):7834624
                                                                                                                                                                                                    Entropy (8bit):6.517862303223651
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:49152:oFNZj7fIo9W67PapgzJTkrXyzNzpXAbuiqCgIns3mYEXEqMrIU6i7GtlqdVwASO/:QI9X/gIFYEXME+oFNr5VQCJheq4BsxH
                                                                                                                                                                                                    MD5:BFD28B03A4C32A9BCB001451FD002F67
                                                                                                                                                                                                    SHA1:DD528FD5F4775E16B2E743D3188B66F1174807B2
                                                                                                                                                                                                    SHA-256:8EF0F404A8BFF12FD6621D8F4F209499613F565777FE1C2A680E8A18F312D5A7
                                                                                                                                                                                                    SHA-512:6DC39638435F147B399826E34F78571D7ED2ED1232275E213A2B020224C0645E379F74A0CA5DE86930D3348981C8BB03BBBECFA601F8BA781417E7114662DDEE
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):87040
                                                                                                                                                                                                    Entropy (8bit):5.9471652810047235
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:1536:NIf505ZC316pwJV0Jzn4pyOJ8RMrpLkFb0GZi8fR3px7F:Q66gFlmrpLkFwGTp3pt
                                                                                                                                                                                                    MD5:5A5BD0B8845F5A47ECFC2C55ABE7413C
                                                                                                                                                                                                    SHA1:D4B2E85D30480573FEFBC413C4F7B81FA67115E1
                                                                                                                                                                                                    SHA-256:8BE6E6CC104018C0DC1AE0694330F44B94FABB6C50EEC086373DDF24117D78A7
                                                                                                                                                                                                    SHA-512:B2C24C3C5D59A4987F36DFCF677227C020BB632B7155E99D7405516BD855B03965F3FC3558E8637DA1B4E65E7EF7C5D2EA33B338BAEAE72F62017ED682D19651
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):5162776
                                                                                                                                                                                                    Entropy (8bit):5.958207976652471
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:98304:S3+FRtLtlVriXpshX179Cahd4tC9P1+1CPwDvt3uFlDCi:ASRtLtvd99Cahd4tC9w1CPwDvt3uFlDz
                                                                                                                                                                                                    MD5:51E8A5281C2092E45D8C97FBDBF39560
                                                                                                                                                                                                    SHA1:C499C810ED83AAADCE3B267807E593EC6B121211
                                                                                                                                                                                                    SHA-256:2A234B5AA20C3FAECF725BBB54FB33F3D94543F78FA7045408E905593E49960A
                                                                                                                                                                                                    SHA-512:98B91719B0975CB38D3B3C7B6F820D184EF1B64D38AD8515BE0B8B07730E2272376B9E51631FE9EFD9B8A1709FEA214CF3F77B34EEB9FD282EB09E395120E7CB
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):39696
                                                                                                                                                                                                    Entropy (8bit):6.641880464695502
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:768:NiQfxQemQJNrPN+moyijAc5YiSyvkIPxWEqG:dfxIQvPkmoyijP7SytPxF
                                                                                                                                                                                                    MD5:0F8E4992CA92BAAF54CC0B43AACCCE21
                                                                                                                                                                                                    SHA1:C7300975DF267B1D6ADCBAC0AC93FD7B1AB49BD2
                                                                                                                                                                                                    SHA-256:EFF52743773EB550FCC6CE3EFC37C85724502233B6B002A35496D828BD7B280A
                                                                                                                                                                                                    SHA-512:6E1B223462DC124279BFCA74FD2C66FE18B368FFBCA540C84E82E0F5BCBEA0E10CC243975574FA95ACE437B9D8B03A446ED5EE0C9B1B094147CEFAF704DFE978
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):790296
                                                                                                                                                                                                    Entropy (8bit):5.607732992846443
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6144:7aO1lo7USZGjweMMHO4+xuVg7gCl2VdhMd1DdwMVn4TERUr3zgKpJJ/wknofFe9A:FkeMKOr97gCAE35gEGzLpwknofFe9XbE
                                                                                                                                                                                                    MD5:BFC834BB2310DDF01BE9AD9CFF7C2A41
                                                                                                                                                                                                    SHA1:FB1D601B4FCB29FF1B13B0D2ED7119BD0472205C
                                                                                                                                                                                                    SHA-256:41AD1A04CA27A7959579E87FBBDA87C93099616A64A0E66260C983381C5570D1
                                                                                                                                                                                                    SHA-512:6AF473C7C0997F2847EBE7CEE8EF67CD682DEE41720D4F268964330B449BA71398FDA8954524F9A97CC4CDF9893B8BDC7A1CF40E9E45A73F4F35A37F31C6A9C3
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):46592
                                                                                                                                                                                                    Entropy (8bit):5.417086235508803
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:768:67CE1/NMVzMoCQVbrw0k6To3OOG/B+jPSrSRNj4bSM2V:QruzMoNrNTo3OOG/eRF4be
                                                                                                                                                                                                    MD5:4EED96BBB1C4B6D63F50C433E9C0A16A
                                                                                                                                                                                                    SHA1:CDE34E8F1DAC7F4E98D2B0AAF1186C6938DE06C3
                                                                                                                                                                                                    SHA-256:B521B7E3B6BED424A0719C36735BC4BF2BB8B0926370B31C221C604E81F8D78B
                                                                                                                                                                                                    SHA-512:1CACB250D867FCBBC5224C3F66CB23A93F818BC1D0524CAD6D1C52295D243AF10F454FDE13FA58671D3EE62281A2A3F71A69F28B08FD942FCEDBA3C9B09A774A
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):75264
                                                                                                                                                                                                    Entropy (8bit):5.884143909360528
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:1536:lqJRuicm7rbNAx366qHC2ajmjZ1mQpheRx/gF:lqJRuiTHpq5qi2amd1XpheRx/gF
                                                                                                                                                                                                    MD5:93CCD2B7284BDC745F1ADBB8F0927F26
                                                                                                                                                                                                    SHA1:30043D4DAD9A909B2D0841D279F5266F00315AD9
                                                                                                                                                                                                    SHA-256:C8C7C9259A47961321B6D913B3CB70215A37B9CFF1DBDE9E9CBC3250C1B5AD77
                                                                                                                                                                                                    SHA-512:1DD365345FF334183A1A4AD959EC07A732836D6F1768E935462F0EA62F24F50EE62FB1324FCD813EF7BC40ED092C33F5D5BF70B8D016B67BE9A9274DAD2868D6
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):67072
                                                                                                                                                                                                    Entropy (8bit):5.909456553599775
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:1536:j3sHmR02IvVxv7WCyKm7c5Th4JBHTOvyyaZE:jnIvryCyKx5Th4J5OvyyO
                                                                                                                                                                                                    MD5:49AC12A1F10AB93FAFAB064FD0523A63
                                                                                                                                                                                                    SHA1:3AD6923AB0FB5D3DD9D22ED077DB15B42C2FBD4F
                                                                                                                                                                                                    SHA-256:BA033B79E858DBFCBA6BF8FB5AFE10DEFD1CB03957DBBC68E8E62E4DE6DF492D
                                                                                                                                                                                                    SHA-512:1BC0F50E0BB0A9D9DDDAD31390E5C73B0D11C2B0A8C5462065D477E93FF21F7EDC7AA2B2B36E478BE0A797A38F43E3FBEB6AAABEF0BADEC1D8D16EB73DF67255
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):200472
                                                                                                                                                                                                    Entropy (8bit):6.382659996286758
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3072:mhaQEuYCUDWuc7VmkqrgVrLJEKAAKJadAT0nIgjWdopPb/+mVApIGLhSZ:yaJh6v7VRVrLJEKAABiuXKd4GE
                                                                                                                                                                                                    MD5:F554064233C082F98EF01195693D967D
                                                                                                                                                                                                    SHA1:F191D42807867E0174DDC66D04C45250D9F6561E
                                                                                                                                                                                                    SHA-256:E1D56FFBF5E5FAB481D7A14691481B8FF5D2F4C6BF5D1A4664C832756C5942FE
                                                                                                                                                                                                    SHA-512:3573A226305CEC45333FC4D0E6FC0C3357421AD77CD8A1899C90515994351292EE5D1C445412B5563AA02520736E870A9EE879909CD992F5BE32E877792BDB88
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):68376
                                                                                                                                                                                                    Entropy (8bit):6.14883904573939
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:768:3V1EbYGVXq6KC/prVHBN0cW18itCQDFPnOMFn+gikF/nFX14uewjBcCCC0yamM/J:3DmF61JFn+/OipIGL0m7Sy0xG
                                                                                                                                                                                                    MD5:77896345D4E1C406EEFF011F7A920873
                                                                                                                                                                                                    SHA1:EE8CDD531418CFD05C1A6792382D895AC347216F
                                                                                                                                                                                                    SHA-256:1E9224BA7190B6301EF47BEFA8E383D0C55700255D04A36F7DAC88EA9573F2FB
                                                                                                                                                                                                    SHA-512:3E98B1B605D70244B42A13A219F9E124944DA199A88AD4302308C801685B0C45A037A76DED319D08DBF55639591404665BEFE2091F0F4206A9472FEE58D55C22
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):6972184
                                                                                                                                                                                                    Entropy (8bit):5.774196030396665
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:98304:B6vwRS7fYzmSSVlLWyJVT7OQvxHDMiEPlk:8vwRHTSVlfJVmir
                                                                                                                                                                                                    MD5:5C5602CDA7AB8418420F223366FFF5DB
                                                                                                                                                                                                    SHA1:52F81EE0AEF9B6906F7751FD2BBD4953E3F3B798
                                                                                                                                                                                                    SHA-256:E7890E38256F04EE0B55AC5276BBF3AC61392C3A3CE150BB5497B709803E17CE
                                                                                                                                                                                                    SHA-512:51C3B4F29781BB52C137DDB356E1BC5A37F3A25F0ED7D89416B14ED994121F884CB3E40CCDBB211A8989E3BD137B8DF8B28E232F98DE8F35B03965CFCE4B424F
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):136192
                                                                                                                                                                                                    Entropy (8bit):6.007891413043079
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3072:ZaklTxm5xclSlX8fY/r06Yr0UWm63ELUAXkXrT4:wklTxm5xAhY/rkwNm2E4AXk
                                                                                                                                                                                                    MD5:DA0E290BA30FE8CC1A44EEEFCF090820
                                                                                                                                                                                                    SHA1:D38FCCD7D6F54AA73BD21F168289D7DCE1A9D192
                                                                                                                                                                                                    SHA-256:2D1D60B996D1D5C56C24313D97E0FCDA41A8BD6BF0299F6EA4EB4A1E25D490B7
                                                                                                                                                                                                    SHA-512:BC031D61E5772C60CBAC282D05F76D81AF1AA2A29A8602C2EFA05FC0CE1079390999336237560B408E6539A77C732F5066C1590B7FEAEDB24BAA9371783F2A8F
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):31000
                                                                                                                                                                                                    Entropy (8bit):6.531624163477087
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:768:s7ENJKHq1vv38pIGQGE5YiSyvTcAMxkEMrX:s7ENJKK1vv38pIGQGO7Syb6xuX
                                                                                                                                                                                                    MD5:BFFFF83A000BAF559F3EB2B599A1B7E8
                                                                                                                                                                                                    SHA1:7F9238BDA6D0C7CC5399C6B6AB3B42D21053F467
                                                                                                                                                                                                    SHA-256:BC71FBDFD1441D62DD86D33FF41B35DC3CC34875F625D885C58C8DC000064DAB
                                                                                                                                                                                                    SHA-512:3C0BA0CF356A727066AE0D0D6523440A882AAFB3EBDF70117993EFFD61395DEEBF179948F8C7F5222D59D1ED748C71D9D53782E16BD2F2ECCC296F2F8B4FC948
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):4
                                                                                                                                                                                                    Entropy (8bit):1.5
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:Mn:M
                                                                                                                                                                                                    MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                    SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                    SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                    SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:pip.
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):11358
                                                                                                                                                                                                    Entropy (8bit):4.4267168336581415
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:nU6G5KXSD9VYUKhu1JVF9hFGvV/QiGkS594drFjuHYx5dvTrLh3kTSEn7HbHR:U9vlKM1zJlFvmNz5VrlkTS07Ht
                                                                                                                                                                                                    MD5:3B83EF96387F14655FC854DDC3C6BD57
                                                                                                                                                                                                    SHA1:2B8B815229AA8A61E483FB4BA0588B8B6C491890
                                                                                                                                                                                                    SHA-256:CFC7749B96F63BD31C3C42B5C471BF756814053E847C10F3EB003417BC523D30
                                                                                                                                                                                                    SHA-512:98F6B79B778F7B0A15415BD750C3A8A097D650511CB4EC8115188E115C47053FE700F578895C097051C9BC3DFB6197C2B13A15DE203273E1A3218884F86E90E8
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:. Apache License. Version 2.0, January 2004. http://www.apache.org/licenses/.. TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.. 1. Definitions... "License" shall mean the terms and conditions for use, reproduction,. and distribution as defined by Sections 1 through 9 of this document... "Licensor" shall mean the copyright owner or entity authorized by. the copyright owner that is granting the License... "Legal Entity" shall mean the union of the acting entity and all. other entities that control, are controlled by, or are under common. control with that entity. For the purposes of this definition,. "control" means (i) the power, direct or indirect, to cause the. direction or management of such entity, whether by contract or. otherwise, or (ii) ownership of fifty percent (50%) or more of the. outstanding shares, or (iii) beneficial own
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):4648
                                                                                                                                                                                                    Entropy (8bit):5.006900644756252
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:Dx2ZSaCSmS8R902Vpnu386eLQ9Ac+fFZpDN00x2jZ2SBXZJSwTE:9Smzf02Vpnu386mQ9B+TP0vJHJSwTE
                                                                                                                                                                                                    MD5:98ABEAACC0E0E4FC385DFF67B607071A
                                                                                                                                                                                                    SHA1:E8C830D8B0942300C7C87B3B8FD15EA1396E07BD
                                                                                                                                                                                                    SHA-256:6A7B90EFFEE1E09D5B484CDF7232016A43E2D9CC9543BCBB8E494B1EC05E1F59
                                                                                                                                                                                                    SHA-512:F1D59046FFA5B0083A5259CEB03219CCDB8CC6AAC6247250CBD83E70F080784391FCC303F7630E1AD40E5CCF5041A57CB9B68ADEFEC1EBC6C31FCF7FFC65E9B7
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:Metadata-Version: 2.1.Name: importlib_metadata.Version: 8.0.0.Summary: Read metadata from Python packages.Author-email: "Jason R. Coombs" <jaraco@jaraco.com>.Project-URL: Source, https://github.com/python/importlib_metadata.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: Apache Software License.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Requires-Python: >=3.8.Description-Content-Type: text/x-rst.License-File: LICENSE.Requires-Dist: zipp >=0.5.Requires-Dist: typing-extensions >=3.6.4 ; python_version < "3.8".Provides-Extra: doc.Requires-Dist: sphinx >=3.5 ; extra == 'doc'.Requires-Dist: jaraco.packaging >=9.3 ; extra == 'doc'.Requires-Dist: rst.linker >=1.9 ; extra == 'doc'.Requires-Dist: furo ; extra == 'doc'.Requires-Dist: sphinx-lint ; extra == 'doc'.Requires-Dist: jaraco.tidelift >=1.4 ; extra == 'doc'.Provides-Extra: perf.Requires-D
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:CSV text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2518
                                                                                                                                                                                                    Entropy (8bit):5.6307766747793275
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:UnuXTg06U5J/Vw9l/gfNX7/XzBk9pvJq/fwJOfYrBfnJ/V0XJnzN/3WJV:bXzP/EgdzzBkDJsoIYrBfJ/CXNz9qV
                                                                                                                                                                                                    MD5:EB513CAFA5226DDA7D54AFDCC9AD8A74
                                                                                                                                                                                                    SHA1:B394C7AEC158350BAF676AE3197BEF4D7158B31C
                                                                                                                                                                                                    SHA-256:0D8D3C6EEB9EBBE86CAC7D60861552433C329DA9EA51248B61D02BE2E5E64030
                                                                                                                                                                                                    SHA-512:A0017CFAFF47FDA6067E3C31775FACEE4728C3220C2D4BD70DEF328BD20AA71A343E39DA15CD6B406F62311894C518DFCF5C8A4AE6F853946F26A4B4E767924E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:importlib_metadata-8.0.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..importlib_metadata-8.0.0.dist-info/LICENSE,sha256=z8d0m5b2O9McPEK1xHG_dWgUBT6EfBDz6wA0F7xSPTA,11358..importlib_metadata-8.0.0.dist-info/METADATA,sha256=anuQ7_7h4J1bSEzfcjIBakPi2cyVQ7y7jklLHsBeH1k,4648..importlib_metadata-8.0.0.dist-info/RECORD,,..importlib_metadata-8.0.0.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..importlib_metadata-8.0.0.dist-info/WHEEL,sha256=mguMlWGMX-VHnMpKOjjQidIo1ssRlCFu4a4mBpz1s2M,91..importlib_metadata-8.0.0.dist-info/top_level.txt,sha256=CO3fD9yylANiXkrMo4qHLV_mqXL2sC5JFKgt1yWAT-A,19..importlib_metadata/__init__.py,sha256=tZNB-23h8Bixi9uCrQqj9Yf0aeC--Josdy3IZRIQeB0,33798..importlib_metadata/__pycache__/__init__.cpython-312.pyc,,..importlib_metadata/__pycache__/_adapters.cpython-312.pyc,,..importlib_metadata/__pycache__/_collections.cpython-312.pyc,,..importlib_metadata/__pycache__/_compat.cpython-312.pyc,,..importlib_metadata/__pycac
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):91
                                                                                                                                                                                                    Entropy (8bit):4.687870576189661
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:RtEeXMRYFAVLMvhRRP+tPCCfA5S:RtC1VLMvhjWBBf
                                                                                                                                                                                                    MD5:7D09837492494019EA51F4E97823D79F
                                                                                                                                                                                                    SHA1:7829B4324BB542799494131A270EC3BDAD4DEDEF
                                                                                                                                                                                                    SHA-256:9A0B8C95618C5FE5479CCA4A3A38D089D228D6CB1194216EE1AE26069CF5B363
                                                                                                                                                                                                    SHA-512:A0063220ECDD22C3E735ACFF6DE559ACF3AC4C37B81D37633975A22A28B026F1935CD1957C0FF7D2ECC8B7F83F250310795EECC5273B893FFAB115098F7B9C38
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:Wheel-Version: 1.0.Generator: setuptools (70.1.1).Root-Is-Purelib: true.Tag: py3-none-any..
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):19
                                                                                                                                                                                                    Entropy (8bit):3.536886723742169
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:JSej0EBERG:50o4G
                                                                                                                                                                                                    MD5:A24465F7850BA59507BF86D89165525C
                                                                                                                                                                                                    SHA1:4E61F9264DE74783B5924249BCFE1B06F178B9AD
                                                                                                                                                                                                    SHA-256:08EDDF0FDCB29403625E4ACCA38A872D5FE6A972F6B02E4914A82DD725804FE0
                                                                                                                                                                                                    SHA-512:ECF1F6B777970F5257BDDD353305447083008CEBD8E5A27C3D1DA9C7BDC3F9BF3ABD6881265906D6D5E11992653185C04A522F4DB5655FF75EEDB766F93D5D48
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:importlib_metadata.
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:ASCII text, with very long lines (888)
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1335
                                                                                                                                                                                                    Entropy (8bit):4.226823573023539
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:FP6Hbz+g9RPZ14bJi04L6GEbX4UQF4UkZQhxI2EIhNyu:9E+i6bJmLm43+Uxxnh0u
                                                                                                                                                                                                    MD5:4CE7501F6608F6CE4011D627979E1AE4
                                                                                                                                                                                                    SHA1:78363672264D9CD3F72D5C1D3665E1657B1A5071
                                                                                                                                                                                                    SHA-256:37FEDCFFBF73C4EB9F058F47677CB33203A436FF9390E4D38A8E01C9DAD28E0B
                                                                                                                                                                                                    SHA-512:A4CDF92725E1D740758DA4DD28DF5D1131F70CEF46946B173FE6956CC0341F019D7C4FECC3C9605F354E1308858721DADA825B4C19F59C5AD1CE01AB84C46B24
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum..Curabitur pretium tincidunt lacus. Nulla gravida orci a odio. Nullam varius, turpis et commodo pharetra, est eros bibendum elit, nec luctus magna felis sollicitudin mauris. Integer in mauris eu nibh euismod gravida. Duis ac tellus et risus vulputate vehicula. Donec lobortis risus a elit. Etiam tempor. Ut ullamcorper, ligula eu tempor congue, eros est euismod turpis, id tincidunt sapien risus a quam. Maecenas fermentum consequat mi. Donec fermentum. Pellentesque malesuada nulla a mi. Duis sapien sem, aliquet nec, commodo eget, consequat quis, neque.
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):4
                                                                                                                                                                                                    Entropy (8bit):1.5
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:Mn:M
                                                                                                                                                                                                    MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                    SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                    SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                    SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:pip.
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1107
                                                                                                                                                                                                    Entropy (8bit):5.115074330424529
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:PWmrRONJHLH0cPP3gtkHw1h39QHOsUv4eOk4/+jvho3nPz:ttONJbbvE/NQHOs5eNS3n7
                                                                                                                                                                                                    MD5:7FFB0DB04527CFE380E4F2726BD05EBF
                                                                                                                                                                                                    SHA1:5B39C45A91A556E5F1599604F1799E4027FA0E60
                                                                                                                                                                                                    SHA-256:30C23618679108F3E8EA1D2A658C7CA417BDFC891C98EF1A89FA4FF0C9828654
                                                                                                                                                                                                    SHA-512:205F284F3A7E8E696C70ED7B856EE98C1671C68893F0952EEC40915A383BC452B99899BDC401F9FE161A1BF9B6E2CEA3BCD90615EEE9173301657A2CE4BAFE14
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:MIT License..Copyright (c) 2012 Daniel Holth <dholth@fastmail.fm> and contributors..Permission is hereby granted, free of charge, to any person obtaining a.copy of this software and associated documentation files (the "Software"),.to deal in the Software without restriction, including without limitation.the rights to use, copy, modify, merge, publish, distribute, sublicense,.and/or sell copies of the Software, and to permit persons to whom the.Software is furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included.in all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL.THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR.OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERW
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2153
                                                                                                                                                                                                    Entropy (8bit):5.088249746074878
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:DEhpFu5MktjaywDK48d+md+7uT8RfkD1UKd+mOl1Awry:DEhpiMktjayq/7kOfsUzmbYy
                                                                                                                                                                                                    MD5:EBEA27DA14E3F453119DC72D84343E8C
                                                                                                                                                                                                    SHA1:7CEB6DBE498B69ABF4087637C6F500742FF7E2B4
                                                                                                                                                                                                    SHA-256:59BAC22B00A59D3E5608A56B8CF8EFC43831A36B72792EE4389C9CD4669C7841
                                                                                                                                                                                                    SHA-512:A41593939B9325D40CB67FD3F41CD1C9E9978F162487FB469094C41440B5F48016B9A66BE2E6E4A0406D6EEDB25CE4F5A860BA1E3DC924B81F63CEEE3AE31117
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:Metadata-Version: 2.1.Name: wheel.Version: 0.43.0.Summary: A built-package format for Python.Keywords: wheel,packaging.Author-email: Daniel Holth <dholth@fastmail.fm>.Maintainer-email: Alex Gr.nholm <alex.gronholm@nextday.fi>.Requires-Python: >=3.8.Description-Content-Type: text/x-rst.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: Topic :: System :: Archiving :: Packaging.Classifier: License :: OSI Approved :: MIT License.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: 3.11.Classifier: Programming Language :: Python :: 3.12.Requires-Dist: pytest >= 6.0.0 ; extra == "test".Requires-Dist: setuptools >= 65 ; extra == "test".Project-URL: Changelog, https://wheel.readthedocs.io/en/s
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:CSV text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):4557
                                                                                                                                                                                                    Entropy (8bit):5.714200636114494
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:QXVuEmegx01TQIvFCiq9H/H7vp88FxTXiJPkGJP4CWweXQHmnDpMI78IegK5EeZR:QXVxAbYkU4CWweXQHmnDpMeV2BvTRqQF
                                                                                                                                                                                                    MD5:44D352C4997560C7BFB82D9360F5985A
                                                                                                                                                                                                    SHA1:BE58C7B8AB32790384E4E4F20865C4A88414B67A
                                                                                                                                                                                                    SHA-256:783E654742611AF88CD9F00BF01A431A219DB536556E63FF981C7BD673070AC9
                                                                                                                                                                                                    SHA-512:281B1D939A560E6A08D0606E5E8CE15F086B4B45738AB41ED6B5821968DC8D764CD6B25DB6BA562A07018C271ABF17A6BC5A380FAD05696ADF1D11EE2C5749C8
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:../../bin/wheel,sha256=cT2EHbrv-J-UyUXu26cDY-0I7RgcruysJeHFanT1Xfo,249..wheel-0.43.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..wheel-0.43.0.dist-info/LICENSE.txt,sha256=MMI2GGeRCPPo6h0qZYx8pBe9_IkcmO8aifpP8MmChlQ,1107..wheel-0.43.0.dist-info/METADATA,sha256=WbrCKwClnT5WCKVrjPjvxDgxo2tyeS7kOJyc1GaceEE,2153..wheel-0.43.0.dist-info/RECORD,,..wheel-0.43.0.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..wheel-0.43.0.dist-info/WHEEL,sha256=EZbGkh7Ie4PoZfRQ8I0ZuP9VklN_TvcZ6DSE5Uar4z4,81..wheel-0.43.0.dist-info/entry_points.txt,sha256=rTY1BbkPHhkGMm4Q3F0pIzJBzW2kMxoG1oriffvGdA0,104..wheel/__init__.py,sha256=D6jhH00eMzbgrXGAeOwVfD5i-lCAMMycuG1L0useDlo,59..wheel/__main__.py,sha256=NkMUnuTCGcOkgY0IBLgBCVC_BGGcWORx2K8jYGS12UE,455..wheel/__pycache__/__init__.cpython-312.pyc,,..wheel/__pycache__/__main__.cpython-312.pyc,,..wheel/__pycache__/_setuptools_logging.cpython-312.pyc,,..wheel/__pycache__/bdist_wheel.cpython-312.pyc,,..wheel/__pycache
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):81
                                                                                                                                                                                                    Entropy (8bit):4.672346887071811
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:RtEeX/QFM+vxP+tPCCfA5I:Rt1Qq2WBB3
                                                                                                                                                                                                    MD5:24019423EA7C0C2DF41C8272A3791E7B
                                                                                                                                                                                                    SHA1:AAE9ECFB44813B68CA525BA7FA0D988615399C86
                                                                                                                                                                                                    SHA-256:1196C6921EC87B83E865F450F08D19B8FF5592537F4EF719E83484E546ABE33E
                                                                                                                                                                                                    SHA-512:09AB8E4DAA9193CFDEE6CF98CCAE9DB0601F3DCD4944D07BF3AE6FA5BCB9DC0DCAFD369DE9A650A38D1B46C758DB0721EBA884446A8A5AD82BB745FD5DB5F9B1
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:Wheel-Version: 1.0.Generator: flit 3.9.0.Root-Is-Purelib: true.Tag: py3-none-any.
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):104
                                                                                                                                                                                                    Entropy (8bit):4.271713330022269
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:1SSAnAYgh+MWTMhk6WjrAM5t5ln:1Jb9WTMhk9jUM5t5ln
                                                                                                                                                                                                    MD5:6180E17C30BAE5B30DB371793FCE0085
                                                                                                                                                                                                    SHA1:E3A12C421562A77D90A13D8539A3A0F4D3228359
                                                                                                                                                                                                    SHA-256:AD363505B90F1E1906326E10DC5D29233241CD6DA4331A06D68AE27DFBC6740D
                                                                                                                                                                                                    SHA-512:69EAE7B1E181D7BA1D3E2864D31E1320625A375E76D3B2FBF8856B3B6515936ACE3138D4D442CABDE7576FCFBCBB0DEED054D90B95CFA1C99829DB12A9031E26
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:[console_scripts].wheel=wheel.cli:main..[distutils.commands].bdist_wheel=wheel.bdist_wheel:bdist_wheel..
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1504024
                                                                                                                                                                                                    Entropy (8bit):6.578874733366613
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24576:95WQyUuqjJVKMXijWRwtHHofIyEcL/2m75i5zxHWc9C08lY8ore60hH:9b0yVKMyjWR6nofQm7U59HWKYY8
                                                                                                                                                                                                    MD5:82EA0259009FF75BBA817BD8C15C7588
                                                                                                                                                                                                    SHA1:04C49687D8241B43AE61A6C59299255EF09A7B39
                                                                                                                                                                                                    SHA-256:8AA8B909A39FCC33D1EC2AD51EAC6714A318C6EFD04F963D21B75D8F64809AD6
                                                                                                                                                                                                    SHA-512:1F8B3343898462E385D25E1820A3D7D971D633933E482EA9FFC596E7E1F902F5657A9F2C104CF320EEEF34CCE814261304E2E1C063BE4C6A807ADC9B75F3E670
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1137944
                                                                                                                                                                                                    Entropy (8bit):5.462221778372869
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12288:IFrEHdcM6hbZCjJ43w9hIpCQvb0QN8MdIEQ+U2BNNmD+99FfctZq:IFrEXcCjfk7bPNfv42BN6yzUtZq
                                                                                                                                                                                                    MD5:A1388676824CE6347D31D6C6A7A1D1B5
                                                                                                                                                                                                    SHA1:27DD45A5C9B7E61BB894F13193212C6D5668085B
                                                                                                                                                                                                    SHA-256:2480A78815F619A631210E577E733C9BAFECB7F608042E979423C5850EE390FF
                                                                                                                                                                                                    SHA-512:26EA1B33F14F08BB91027E0D35AC03F6203B4DFEEE602BB592C5292AB089B27FF6922DA2804A9E8A28E47D4351B32CF93445D894F00B4AD6E2D0C35C6C7F1D89
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):133632
                                                                                                                                                                                                    Entropy (8bit):5.874056262688227
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3072:LqnAWHjDQCj8ilDiv+zQQoMlRVFhLaNzvvA5sqQvml1RhkmrAte:L1ojDHjllCrMlRVgvY5sqQeRhkmrA
                                                                                                                                                                                                    MD5:E9D8AB0E7867F5E0D40BD474A5CA288C
                                                                                                                                                                                                    SHA1:E7BDF1664099C069CEEA18C2922A8DB049B4399A
                                                                                                                                                                                                    SHA-256:DF724F6ABD66A0549415ABAA3FDF490680E6E0CE07584E964B8BFD01E187B487
                                                                                                                                                                                                    SHA-512:49B17E11D02AE99583F835B8ECF526CF1CF9CEAB5D8FAC0FBFAF45411AC43F0594F93780AE7F6CB3EBBC169A91E81DD57A37C48A8CD5E2653962FFBDCF9879BB
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):97280
                                                                                                                                                                                                    Entropy (8bit):6.009362786457499
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:1536:hA6zeuPEpCbl4DlaAw/AlDNTXBUhF5dYLprRD0WcpipPmlK:hA6jPEUbOwajI5dsOWcpipPe
                                                                                                                                                                                                    MD5:34BEE8FDC3AB28504FE568D886F846DA
                                                                                                                                                                                                    SHA1:C43EE4ADBE83571E17867DD277DD18CB42E1A6B7
                                                                                                                                                                                                    SHA-256:B4C2ADF4BD70A41C0CBB6D1296303AB66169CD52633F514164E755711F0648FB
                                                                                                                                                                                                    SHA-512:1C1013B0EF7D7BA3B01D7CA19A06F808234F3E51C1346AAC57641D2FCC03B4F4E129066D17135F91E56D3092E18FFF77740D4B5E323B5E670ADB8B3E69BDF36C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Entropy (8bit):7.996812332992611
                                                                                                                                                                                                    TrID:
                                                                                                                                                                                                    • Win64 Executable GUI (202006/5) 92.65%
                                                                                                                                                                                                    • Win64 Executable (generic) (12005/4) 5.51%
                                                                                                                                                                                                    • Generic Win/DOS Executable (2004/3) 0.92%
                                                                                                                                                                                                    • DOS Executable Generic (2002/1) 0.92%
                                                                                                                                                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                    File name:lz4wnSavmK.exe
                                                                                                                                                                                                    File size:18'082'384 bytes
                                                                                                                                                                                                    MD5:751a7a40b57d187a0b51d92c550e1309
                                                                                                                                                                                                    SHA1:70e2bea90cf8571b803d18cfaf3bbe671f4de515
                                                                                                                                                                                                    SHA256:fdbefb2cfbcddbae6f870be9c5bf65266f8775e61422b24bbab0bf36555139ff
                                                                                                                                                                                                    SHA512:b5fbf68fc4b8f96340bd338117e3e3db718c5b933cee086000b63900d45ba358467a44fc725aabca65ea97455caaaee47e1b77d728ff434fae5b3f34b7faacf4
                                                                                                                                                                                                    SSDEEP:393216:k9Yi54urLe63hucnW+eGQRn9josCBGcZvW7JTXN6u6K2:k9Yi5Rr73hrnW+e5Rn9MVa96u6p
                                                                                                                                                                                                    TLSH:C9073398E5D85CC5D4F2993FD8E68107DA73FC1117A0CE8B57B8A5A31EA71C44A3EE20
                                                                                                                                                                                                    Icon Hash:4a464cd47461e179
                                                                                                                                                                                                    Entrypoint:0x14000ce20
                                                                                                                                                                                                    Entrypoint Section:.text
                                                                                                                                                                                                    Digitally signed:false
                                                                                                                                                                                                    Imagebase:0x140000000
                                                                                                                                                                                                    Subsystem:windows gui
                                                                                                                                                                                                    Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                                                                    DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                    Time Stamp:0x6744D918 [Mon Nov 25 20:07:52 2024 UTC]
                                                                                                                                                                                                    TLS Callbacks:
                                                                                                                                                                                                    CLR (.Net) Version:
                                                                                                                                                                                                    OS Version Major:6
                                                                                                                                                                                                    OS Version Minor:0
                                                                                                                                                                                                    File Version Major:6
                                                                                                                                                                                                    File Version Minor:0
                                                                                                                                                                                                    Subsystem Version Major:6
                                                                                                                                                                                                    Subsystem Version Minor:0
                                                                                                                                                                                                    Import Hash:72c4e339b7af8ab1ed2eb3821c98713a
                                                                                                                                                                                                    Instruction
                                                                                                                                                                                                    dec eax
                                                                                                                                                                                                    sub esp, 28h
                                                                                                                                                                                                    call 00007F166CB3C08Ch
                                                                                                                                                                                                    dec eax
                                                                                                                                                                                                    add esp, 28h
                                                                                                                                                                                                    jmp 00007F166CB3BCAFh
                                                                                                                                                                                                    int3
                                                                                                                                                                                                    int3
                                                                                                                                                                                                    int3
                                                                                                                                                                                                    int3
                                                                                                                                                                                                    int3
                                                                                                                                                                                                    int3
                                                                                                                                                                                                    int3
                                                                                                                                                                                                    int3
                                                                                                                                                                                                    int3
                                                                                                                                                                                                    int3
                                                                                                                                                                                                    int3
                                                                                                                                                                                                    int3
                                                                                                                                                                                                    int3
                                                                                                                                                                                                    int3
                                                                                                                                                                                                    dec eax
                                                                                                                                                                                                    sub esp, 28h
                                                                                                                                                                                                    call 00007F166CB3C458h
                                                                                                                                                                                                    test eax, eax
                                                                                                                                                                                                    je 00007F166CB3BE53h
                                                                                                                                                                                                    dec eax
                                                                                                                                                                                                    mov eax, dword ptr [00000030h]
                                                                                                                                                                                                    dec eax
                                                                                                                                                                                                    mov ecx, dword ptr [eax+08h]
                                                                                                                                                                                                    jmp 00007F166CB3BE37h
                                                                                                                                                                                                    dec eax
                                                                                                                                                                                                    cmp ecx, eax
                                                                                                                                                                                                    je 00007F166CB3BE46h
                                                                                                                                                                                                    xor eax, eax
                                                                                                                                                                                                    dec eax
                                                                                                                                                                                                    cmpxchg dword ptr [0003570Ch], ecx
                                                                                                                                                                                                    jne 00007F166CB3BE20h
                                                                                                                                                                                                    xor al, al
                                                                                                                                                                                                    dec eax
                                                                                                                                                                                                    add esp, 28h
                                                                                                                                                                                                    ret
                                                                                                                                                                                                    mov al, 01h
                                                                                                                                                                                                    jmp 00007F166CB3BE29h
                                                                                                                                                                                                    int3
                                                                                                                                                                                                    int3
                                                                                                                                                                                                    int3
                                                                                                                                                                                                    dec eax
                                                                                                                                                                                                    sub esp, 28h
                                                                                                                                                                                                    test ecx, ecx
                                                                                                                                                                                                    jne 00007F166CB3BE39h
                                                                                                                                                                                                    mov byte ptr [000356F5h], 00000001h
                                                                                                                                                                                                    call 00007F166CB3B585h
                                                                                                                                                                                                    call 00007F166CB3C870h
                                                                                                                                                                                                    test al, al
                                                                                                                                                                                                    jne 00007F166CB3BE36h
                                                                                                                                                                                                    xor al, al
                                                                                                                                                                                                    jmp 00007F166CB3BE46h
                                                                                                                                                                                                    call 00007F166CB4938Fh
                                                                                                                                                                                                    test al, al
                                                                                                                                                                                                    jne 00007F166CB3BE3Bh
                                                                                                                                                                                                    xor ecx, ecx
                                                                                                                                                                                                    call 00007F166CB3C880h
                                                                                                                                                                                                    jmp 00007F166CB3BE1Ch
                                                                                                                                                                                                    mov al, 01h
                                                                                                                                                                                                    dec eax
                                                                                                                                                                                                    add esp, 28h
                                                                                                                                                                                                    ret
                                                                                                                                                                                                    int3
                                                                                                                                                                                                    int3
                                                                                                                                                                                                    inc eax
                                                                                                                                                                                                    push ebx
                                                                                                                                                                                                    dec eax
                                                                                                                                                                                                    sub esp, 20h
                                                                                                                                                                                                    cmp byte ptr [000356BCh], 00000000h
                                                                                                                                                                                                    mov ebx, ecx
                                                                                                                                                                                                    jne 00007F166CB3BE99h
                                                                                                                                                                                                    cmp ecx, 01h
                                                                                                                                                                                                    jnbe 00007F166CB3BE9Ch
                                                                                                                                                                                                    call 00007F166CB3C3CEh
                                                                                                                                                                                                    test eax, eax
                                                                                                                                                                                                    je 00007F166CB3BE5Ah
                                                                                                                                                                                                    test ebx, ebx
                                                                                                                                                                                                    jne 00007F166CB3BE56h
                                                                                                                                                                                                    dec eax
                                                                                                                                                                                                    lea ecx, dword ptr [000356A6h]
                                                                                                                                                                                                    call 00007F166CB49182h
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3ca34 | 0x78 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x47000 | 0xf41c | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x44000 | 0x2238 | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x57000 | 0x764 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3a080 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x39f40 | 0x140 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2b000 | 0x4a0 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x29f70 | 0x2a000 | b8c3814c5fb0b18492ad4ec2ffe0830a | False | 0.5518740699404762 | data | 6.489205819736506 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x2b000 | 0x12a28 | 0x12c00 | 28cdd4013c326d828bde8c517f5f8e1e | False | 0.5242838541666667 | data | 5.7507632215498985 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x3e000 | 0x53f8 | 0xe00 | dba0caeecab624a0ccc0d577241601d1 | False | 0.134765625 | data | 1.8392217063172436 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x44000 | 0x2238 | 0x2400 | 9cd1eac931545f28ab09329f8bfce843 | False | 0.4697265625 | data | 5.2645170849678795 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x47000 | 0xf41c | 0xf600 | 455788c285fcfdcb4008bc77e762818a | False | 0.803099593495935 | data | 7.5549760623589695 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x57000 | 0x764 | 0x800 | 816c68eeb419ee2c08656c31c06a0fff | False | 0.5576171875 | data | 5.2809528666624175 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x47208 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 |  |  | 0.585820895522388
RT_ICON | 0x480b0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 |  |  | 0.7360108303249098
RT_ICON | 0x48958 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 |  |  | 0.755057803468208
RT_ICON | 0x48ec0 | 0x952c | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced |  |  | 0.9975384937676757
RT_ICON | 0x523ec | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 |  |  | 0.3887966804979253
RT_ICON | 0x54994 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 |  |  | 0.49530956848030017
RT_ICON | 0x55a3c | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 |  |  | 0.7207446808510638
RT_GROUP_ICON | 0x55ea4 | 0x68 | data |  |  | 0.7019230769230769
RT_MANIFEST | 0x55f0c | 0x50d | XML 1.0 document, ASCII text |  |  | 0.4694508894044857
DLL | Import
USER32.dll | CreateWindowExW, ShutdownBlockReasonCreate, MsgWaitForMultipleObjects, ShowWindow, DestroyWindow, RegisterClassW, DefWindowProcW, PeekMessageW, DispatchMessageW, TranslateMessage, PostMessageW, GetMessageW, MessageBoxW, MessageBoxA, SystemParametersInfoW, DestroyIcon, SetWindowLongPtrW, GetWindowLongPtrW, GetClientRect, InvalidateRect, ReleaseDC, GetDC, DrawTextW, GetDialogBaseUnits, EndDialog, DialogBoxIndirectParamW, MoveWindow, SendMessageW
COMCTL32.dll |
KERNEL32.dll | GetACP, IsValidCodePage, GetStringTypeW, GetFileAttributesExW, SetEnvironmentVariableW, FlushFileBuffers, GetCurrentDirectoryW, LCMapStringW, CompareStringW, FlsFree, GetOEMCP, GetCPInfo, GetModuleHandleW, MulDiv, FormatMessageW, GetLastError, GetModuleFileNameW, LoadLibraryExW, SetDllDirectoryW, CreateSymbolicLinkW, GetProcAddress, GetEnvironmentStringsW, GetCommandLineW, GetEnvironmentVariableW, ExpandEnvironmentStringsW, DeleteFileW, FindClose, FindFirstFileW, FindNextFileW, GetDriveTypeW, RemoveDirectoryW, GetTempPathW, CloseHandle, QueryPerformanceCounter, QueryPerformanceFrequency, WaitForSingleObject, Sleep, GetCurrentProcess, TerminateProcess, GetExitCodeProcess, CreateProcessW, GetStartupInfoW, FreeLibrary, LocalFree, SetConsoleCtrlHandler, K32EnumProcessModules, K32GetModuleFileNameExW, CreateFileW, FindFirstFileExW, GetFinalPathNameByHandleW, MultiByteToWideChar, WideCharToMultiByte, FlsSetValue, FreeEnvironmentStringsW, GetProcessHeap, GetTimeZoneInformation, HeapSize, HeapReAlloc, WriteConsoleW, SetEndOfFile, CreateDirectoryW, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsProcessorFeaturePresent, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, RtlUnwindEx, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, RaiseException, RtlPcToFileHeader, GetCommandLineA, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, ReadFile, GetFullPathNameW, SetStdHandle, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, HeapFree, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleOutputCP, GetFileSizeEx, HeapAlloc, FlsAlloc, FlsGetValue
ADVAPI32.dll | OpenProcessToken, GetTokenInformation, ConvertStringSecurityDescriptorToSecurityDescriptorW, ConvertSidToStringSidW
GDI32.dll | SelectObject, DeleteObject, CreateFontIndirectW
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 6, 2024 17:48:03.683763027 CET | 49731 | 80 | 192.168.2.4 | 163.5.242.208
Dec 6, 2024 17:48:03.803580046 CET | 80 | 49731 | 163.5.242.208 | 192.168.2.4
Dec 6, 2024 17:48:03.803917885 CET | 49731 | 80 | 192.168.2.4 | 163.5.242.208
Dec 6, 2024 17:48:03.804020882 CET | 49731 | 80 | 192.168.2.4 | 163.5.242.208
Dec 6, 2024 17:48:03.923974037 CET | 80 | 49731 | 163.5.242.208 | 192.168.2.4
Dec 6, 2024 17:48:05.159075022 CET | 80 | 49731 | 163.5.242.208 | 192.168.2.4
Dec 6, 2024 17:48:05.160017967 CET | 49731 | 80 | 192.168.2.4 | 163.5.242.208
Dec 6, 2024 17:48:05.161467075 CET | 49732 | 80 | 192.168.2.4 | 163.5.242.208
Dec 6, 2024 17:48:05.281426907 CET | 80 | 49731 | 163.5.242.208 | 192.168.2.4
Dec 6, 2024 17:48:05.281497955 CET | 49731 | 80 | 192.168.2.4 | 163.5.242.208
Dec 6, 2024 17:48:05.282500029 CET | 80 | 49732 | 163.5.242.208 | 192.168.2.4
Dec 6, 2024 17:48:05.282578945 CET | 49732 | 80 | 192.168.2.4 | 163.5.242.208
Dec 6, 2024 17:48:05.282717943 CET | 49732 | 80 | 192.168.2.4 | 163.5.242.208
Dec 6, 2024 17:48:05.402549028 CET | 80 | 49732 | 163.5.242.208 | 192.168.2.4
Dec 6, 2024 17:48:06.622507095 CET | 80 | 49732 | 163.5.242.208 | 192.168.2.4
Dec 6, 2024 17:48:06.629486084 CET | 49732 | 80 | 192.168.2.4 | 163.5.242.208
Dec 6, 2024 17:48:06.750176907 CET | 80 | 49732 | 163.5.242.208 | 192.168.2.4
Dec 6, 2024 17:48:06.750236988 CET | 49732 | 80 | 192.168.2.4 | 163.5.242.208
                                                                                                                                                                                                    • 163.5.242.208
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49731 | 163.5.242.208 | 80 | 7300 | C:\Users\user\Desktop\lz4wnSavmK.exe

Timestamp | Bytes transferred | Direction | Data
Dec 6, 2024 17:48:03.804020882 CET | 160 | OUT | GET /qweqwe_token.txt HTTP/1.1
Host: 163.5.242.208
User-Agent: python-requests/2.32.3
Accept-Encoding: gzip, deflate
Accept: */*
Connection: keep-alive
Dec 6, 2024 17:48:05.159075022 CET | 354 | IN | HTTP/1.1 200 OK
Date: Fri, 06 Dec 2024 16:48:04 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
Last-Modified: Mon, 25 Nov 2024 18:43:53 GMT
ETag: "2e-627c11d47037f"
Accept-Ranges: bytes
Content-Length: 46
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/plain
Data Raw: 37 35 35 31 39 34 37 38 33 38 3a 41 41 46 39 39 46 76 4d 66 68 39 73 6f 54 70 55 77 61 68 55 35 75 63 44 30 54 49 59 57 6d 6c 58 77 74 6f
Data Ascii: 7551947838:AAF99FvMfh9soTpUwahU5ucD0TIYWmlXwto


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49732 | 163.5.242.208 | 80 | 7300 | C:\Users\user\Desktop\lz4wnSavmK.exe

Timestamp | Bytes transferred | Direction | Data
Dec 6, 2024 17:48:05.282717943 CET | 165 | OUT | GET /5626872516_chatid.txt HTTP/1.1
Host: 163.5.242.208
User-Agent: python-requests/2.32.3
Accept-Encoding: gzip, deflate
Accept: */*
Connection: keep-alive
Dec 6, 2024 17:48:06.622507095 CET | 317 | IN | HTTP/1.1 200 OK
Date: Fri, 06 Dec 2024 16:48:06 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
Last-Modified: Mon, 25 Nov 2024 20:06:35 GMT
ETag: "a-627c2450d9b8d"
Accept-Ranges: bytes
Content-Length: 10
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/plain
Data Raw: 35 36 32 36 38 37 32 35 31 36
                                                                                                                                                                                                    Data Ascii: 5626872516



                                                                                                                                                                                                    Target ID:0
                                                                                                                                                                                                    Start time:11:47:55
                                                                                                                                                                                                    Start date:06/12/2024
                                                                                                                                                                                                    Path:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:"C:\Users\user\Desktop\lz4wnSavmK.exe"
                                                                                                                                                                                                    Imagebase:0x7ff77c630000
                                                                                                                                                                                                    File size:18'082'384 bytes
                                                                                                                                                                                                    MD5 hash:751A7A40B57D187A0B51D92C550E1309
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:1
                                                                                                                                                                                                    Start time:11:47:58
                                                                                                                                                                                                    Start date:06/12/2024
                                                                                                                                                                                                    Path:C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:"C:\Users\user\Desktop\lz4wnSavmK.exe"
                                                                                                                                                                                                    Imagebase:0x7ff77c630000
                                                                                                                                                                                                    File size:18'082'384 bytes
                                                                                                                                                                                                    MD5 hash:751A7A40B57D187A0B51D92C550E1309
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                    Has exited:true


                                                                                                                                                                                                      Execution Graph

                                                                                                                                                                                                      Execution Coverage:10.3%
                                                                                                                                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                      Signature Coverage:19.9%
                                                                                                                                                                                                      Total number of Nodes:2000
                                                                                                                                                                                                      Total number of Limit Nodes:61
12 API calls 16994->16995 16994->16996 16997 7ff77c658ddc 16994->16997 16995->16997 16996->16988 16997->16996 16998 7ff77c64f910 _fread_nolock MultiByteToWideChar 16997->16998 16999 7ff77c658e4a 16998->16999 17000 7ff77c658f2c 16999->17000 17001 7ff77c64f910 _fread_nolock MultiByteToWideChar 16999->17001 17000->16996 17002 7ff77c64a9b8 __free_lconv_num 11 API calls 17000->17002 17003 7ff77c658e70 17001->17003 17002->16996 17003->17000 17004 7ff77c64d66c _fread_nolock 12 API calls 17003->17004 17005 7ff77c658e9d 17003->17005 17004->17005 17005->17000 17006 7ff77c64f910 _fread_nolock MultiByteToWideChar 17005->17006 17007 7ff77c658f14 17006->17007 17008 7ff77c658f1a 17007->17008 17009 7ff77c658f34 17007->17009 17008->17000 17011 7ff77c64a9b8 __free_lconv_num 11 API calls 17008->17011 17016 7ff77c64efd8 17009->17016 17011->17000 17013 7ff77c658f73 17013->16996 17015 7ff77c64a9b8 __free_lconv_num 11 API calls 17013->17015 17014 7ff77c64a9b8 __free_lconv_num 11 API calls 17014->17013 17015->16996 17017 7ff77c64ed80 __crtLCMapStringW 5 API calls 17016->17017 17018 7ff77c64f016 17017->17018 17019 7ff77c64f240 __crtLCMapStringW 5 API calls 17018->17019 17020 7ff77c64f01e 17018->17020 17021 7ff77c64f087 CompareStringW 17019->17021 17020->17013 17020->17014 17021->17020 17023 7ff77c657cca HeapSize 17022->17023 17024 7ff77c657cb1 17022->17024 17025 7ff77c644f78 _get_daylight 11 API calls 17024->17025 17026 7ff77c657cb6 17025->17026 17027 7ff77c64a950 _invalid_parameter_noinfo 37 API calls 17026->17027 17028 7ff77c657cc1 17027->17028 17028->16643 17030 7ff77c657cf9 17029->17030 17031 7ff77c657d03 17029->17031 17032 7ff77c64d66c _fread_nolock 12 API calls 17030->17032 17033 7ff77c657d08 17031->17033 17039 7ff77c657d0f _get_daylight 17031->17039 17038 7ff77c657d01 17032->17038 17036 7ff77c64a9b8 __free_lconv_num 11 API calls 17033->17036 17034 7ff77c657d15 17037 7ff77c644f78 _get_daylight 11 API calls 17034->17037 17035 7ff77c657d42 HeapReAlloc 17035->17038 17035->17039 
17036->17038 17037->17038 17038->16647 17039->17034 17039->17035 17040 7ff77c653600 _get_daylight 2 API calls 17039->17040 17040->17039 17042 7ff77c64ed80 __crtLCMapStringW 5 API calls 17041->17042 17043 7ff77c64efb4 17042->17043 17043->16651 17045 7ff77c64556a 17044->17045 17046 7ff77c645546 17044->17046 17047 7ff77c64556f 17045->17047 17048 7ff77c6455c4 17045->17048 17050 7ff77c64a9b8 __free_lconv_num 11 API calls 17046->17050 17054 7ff77c645555 17046->17054 17051 7ff77c645584 17047->17051 17047->17054 17055 7ff77c64a9b8 __free_lconv_num 11 API calls 17047->17055 17049 7ff77c64f910 _fread_nolock MultiByteToWideChar 17048->17049 17061 7ff77c6455e0 17049->17061 17050->17054 17052 7ff77c64d66c _fread_nolock 12 API calls 17051->17052 17052->17054 17053 7ff77c6455e7 GetLastError 17056 7ff77c644eec _fread_nolock 11 API calls 17053->17056 17054->16655 17054->16656 17055->17051 17059 7ff77c6455f4 17056->17059 17057 7ff77c645622 17057->17054 17058 7ff77c64f910 _fread_nolock MultiByteToWideChar 17057->17058 17063 7ff77c645666 17058->17063 17064 7ff77c644f78 _get_daylight 11 API calls 17059->17064 17060 7ff77c645615 17062 7ff77c64d66c _fread_nolock 12 API calls 17060->17062 17061->17053 17061->17057 17061->17060 17065 7ff77c64a9b8 __free_lconv_num 11 API calls 17061->17065 17062->17057 17063->17053 17063->17054 17064->17054 17065->17060 17067 7ff77c649295 17066->17067 17078 7ff77c649291 17066->17078 17087 7ff77c652aac GetEnvironmentStringsW 17067->17087 17070 7ff77c6492ae 17094 7ff77c6493fc 17070->17094 17071 7ff77c6492a2 17072 7ff77c64a9b8 __free_lconv_num 11 API calls 17071->17072 17072->17078 17075 7ff77c64a9b8 __free_lconv_num 11 API calls 17076 7ff77c6492d5 17075->17076 17077 7ff77c64a9b8 __free_lconv_num 11 API calls 17076->17077 17077->17078 17078->16686 17079 7ff77c64963c 17078->17079 17080 7ff77c64965f 17079->17080 17083 7ff77c649676 17079->17083 17080->16686 17081 7ff77c64f910 MultiByteToWideChar _fread_nolock 17081->17083 17082 7ff77c64ec08 _get_daylight 11 API 
calls 17082->17083 17083->17080 17083->17081 17083->17082 17084 7ff77c6496ea 17083->17084 17086 7ff77c64a9b8 __free_lconv_num 11 API calls 17083->17086 17085 7ff77c64a9b8 __free_lconv_num 11 API calls 17084->17085 17085->17080 17086->17083 17088 7ff77c64929a 17087->17088 17089 7ff77c652ad0 17087->17089 17088->17070 17088->17071 17090 7ff77c64d66c _fread_nolock 12 API calls 17089->17090 17091 7ff77c652b07 memcpy_s 17090->17091 17092 7ff77c64a9b8 __free_lconv_num 11 API calls 17091->17092 17093 7ff77c652b27 FreeEnvironmentStringsW 17092->17093 17093->17088 17095 7ff77c649424 17094->17095 17096 7ff77c64ec08 _get_daylight 11 API calls 17095->17096 17107 7ff77c64945f 17096->17107 17097 7ff77c649467 17098 7ff77c64a9b8 __free_lconv_num 11 API calls 17097->17098 17099 7ff77c6492b6 17098->17099 17099->17075 17100 7ff77c6494e1 17101 7ff77c64a9b8 __free_lconv_num 11 API calls 17100->17101 17101->17099 17102 7ff77c64ec08 _get_daylight 11 API calls 17102->17107 17103 7ff77c6494d0 17105 7ff77c649518 11 API calls 17103->17105 17104 7ff77c6504e4 37 API calls 17104->17107 17106 7ff77c6494d8 17105->17106 17109 7ff77c64a9b8 __free_lconv_num 11 API calls 17106->17109 17107->17097 17107->17100 17107->17102 17107->17103 17107->17104 17108 7ff77c649504 17107->17108 17111 7ff77c64a9b8 __free_lconv_num 11 API calls 17107->17111 17110 7ff77c64a970 _isindst 17 API calls 17108->17110 17109->17097 17112 7ff77c649516 17110->17112 17111->17107 17114 7ff77c658ba1 __crtLCMapStringW 17113->17114 17115 7ff77c65715e 17114->17115 17116 7ff77c64efd8 6 API calls 17114->17116 17115->16708 17115->16711 17116->17115 19926 7ff77c63cbc0 19927 7ff77c63cbd0 19926->19927 19943 7ff77c649c18 19927->19943 19929 7ff77c63cbdc 19949 7ff77c63ceb8 19929->19949 19931 7ff77c63d19c 7 API calls 19933 7ff77c63cc75 19931->19933 19932 7ff77c63cbf4 _RTC_Initialize 19941 7ff77c63cc49 19932->19941 19954 7ff77c63d068 19932->19954 19935 7ff77c63cc09 19957 7ff77c649084 19935->19957 19941->19931 19942 7ff77c63cc65 19941->19942 19944 
7ff77c649c29 19943->19944 19945 7ff77c649c31 19944->19945 19946 7ff77c644f78 _get_daylight 11 API calls 19944->19946 19945->19929 19947 7ff77c649c40 19946->19947 19948 7ff77c64a950 _invalid_parameter_noinfo 37 API calls 19947->19948 19948->19945 19950 7ff77c63cec9 19949->19950 19953 7ff77c63cece __scrt_release_startup_lock 19949->19953 19951 7ff77c63d19c 7 API calls 19950->19951 19950->19953 19952 7ff77c63cf42 19951->19952 19953->19932 19982 7ff77c63d02c 19954->19982 19956 7ff77c63d071 19956->19935 19958 7ff77c6490a4 19957->19958 19973 7ff77c63cc15 19957->19973 19959 7ff77c6490ac 19958->19959 19960 7ff77c6490c2 GetModuleFileNameW 19958->19960 19961 7ff77c644f78 _get_daylight 11 API calls 19959->19961 19964 7ff77c6490ed 19960->19964 19962 7ff77c6490b1 19961->19962 19963 7ff77c64a950 _invalid_parameter_noinfo 37 API calls 19962->19963 19963->19973 19997 7ff77c649024 19964->19997 19967 7ff77c649135 19968 7ff77c644f78 _get_daylight 11 API calls 19967->19968 19969 7ff77c64913a 19968->19969 19972 7ff77c64a9b8 __free_lconv_num 11 API calls 19969->19972 19970 7ff77c64914d 19971 7ff77c64916f 19970->19971 19975 7ff77c64919b 19970->19975 19976 7ff77c6491b4 19970->19976 19974 7ff77c64a9b8 __free_lconv_num 11 API calls 19971->19974 19972->19973 19973->19941 19981 7ff77c63d13c InitializeSListHead 19973->19981 19974->19973 19977 7ff77c64a9b8 __free_lconv_num 11 API calls 19975->19977 19979 7ff77c64a9b8 __free_lconv_num 11 API calls 19976->19979 19978 7ff77c6491a4 19977->19978 19980 7ff77c64a9b8 __free_lconv_num 11 API calls 19978->19980 19979->19971 19980->19973 19983 7ff77c63d03f 19982->19983 19984 7ff77c63d046 19982->19984 19983->19956 19986 7ff77c64a25c 19984->19986 19989 7ff77c649e98 19986->19989 19996 7ff77c650348 EnterCriticalSection 19989->19996 19998 7ff77c64903c 19997->19998 19999 7ff77c649074 19997->19999 19998->19999 20000 7ff77c64ec08 _get_daylight 11 API calls 19998->20000 19999->19967 19999->19970 20001 7ff77c64906a 20000->20001 20002 7ff77c64a9b8 __free_lconv_num 
11 API calls 20001->20002 20002->19999 20006 7ff77c649dc0 20009 7ff77c649d3c 20006->20009 20016 7ff77c650348 EnterCriticalSection 20009->20016 20093 7ff77c64b040 20094 7ff77c64b045 20093->20094 20095 7ff77c64b05a 20093->20095 20099 7ff77c64b060 20094->20099 20100 7ff77c64b0aa 20099->20100 20101 7ff77c64b0a2 20099->20101 20103 7ff77c64a9b8 __free_lconv_num 11 API calls 20100->20103 20102 7ff77c64a9b8 __free_lconv_num 11 API calls 20101->20102 20102->20100 20104 7ff77c64b0b7 20103->20104 20105 7ff77c64a9b8 __free_lconv_num 11 API calls 20104->20105 20106 7ff77c64b0c4 20105->20106 20107 7ff77c64a9b8 __free_lconv_num 11 API calls 20106->20107 20108 7ff77c64b0d1 20107->20108 20109 7ff77c64a9b8 __free_lconv_num 11 API calls 20108->20109 20110 7ff77c64b0de 20109->20110 20111 7ff77c64a9b8 __free_lconv_num 11 API calls 20110->20111 20112 7ff77c64b0eb 20111->20112 20113 7ff77c64a9b8 __free_lconv_num 11 API calls 20112->20113 20114 7ff77c64b0f8 20113->20114 20115 7ff77c64a9b8 __free_lconv_num 11 API calls 20114->20115 20116 7ff77c64b105 20115->20116 20117 7ff77c64a9b8 __free_lconv_num 11 API calls 20116->20117 20118 7ff77c64b115 20117->20118 20119 7ff77c64a9b8 __free_lconv_num 11 API calls 20118->20119 20120 7ff77c64b125 20119->20120 20125 7ff77c64af04 20120->20125 20139 7ff77c650348 EnterCriticalSection 20125->20139 17117 7ff77c63ccac 17138 7ff77c63ce7c 17117->17138 17120 7ff77c63cdf8 17292 7ff77c63d19c IsProcessorFeaturePresent 17120->17292 17121 7ff77c63ccc8 __scrt_acquire_startup_lock 17123 7ff77c63ce02 17121->17123 17128 7ff77c63cce6 __scrt_release_startup_lock 17121->17128 17124 7ff77c63d19c 7 API calls 17123->17124 17126 7ff77c63ce0d __GetCurrentState 17124->17126 17125 7ff77c63cd0b 17127 7ff77c63cd91 17144 7ff77c63d2e4 17127->17144 17128->17125 17128->17127 17281 7ff77c649b9c 17128->17281 17131 7ff77c63cd96 17147 7ff77c631000 17131->17147 17136 7ff77c63cdb9 17136->17126 17288 7ff77c63d000 17136->17288 17139 7ff77c63ce84 17138->17139 17140 7ff77c63ce90 
__scrt_dllmain_crt_thread_attach 17139->17140 17141 7ff77c63ccc0 17140->17141 17142 7ff77c63ce9d 17140->17142 17141->17120 17141->17121 17142->17141 17299 7ff77c63d8f8 17142->17299 17145 7ff77c65a540 memcpy_s 17144->17145 17146 7ff77c63d2fb GetStartupInfoW 17145->17146 17146->17131 17148 7ff77c631009 17147->17148 17326 7ff77c6454f4 17148->17326 17150 7ff77c6337fb 17333 7ff77c6336b0 17150->17333 17155 7ff77c63c5c0 _log10_special 8 API calls 17158 7ff77c633ca7 17155->17158 17156 7ff77c63391b 17509 7ff77c6345b0 17156->17509 17157 7ff77c63383c 17500 7ff77c631c80 17157->17500 17286 7ff77c63d328 GetModuleHandleW 17158->17286 17161 7ff77c63385b 17405 7ff77c638a20 17161->17405 17164 7ff77c63396a 17532 7ff77c632710 17164->17532 17166 7ff77c63388e 17175 7ff77c6338bb __std_exception_destroy 17166->17175 17504 7ff77c638b90 17166->17504 17168 7ff77c63395d 17169 7ff77c633962 17168->17169 17170 7ff77c633984 17168->17170 17528 7ff77c6400bc 17169->17528 17172 7ff77c631c80 49 API calls 17170->17172 17174 7ff77c6339a3 17172->17174 17180 7ff77c631950 115 API calls 17174->17180 17176 7ff77c638a20 14 API calls 17175->17176 17183 7ff77c6338de __std_exception_destroy 17175->17183 17176->17183 17177 7ff77c638b30 40 API calls 17178 7ff77c633a0b 17177->17178 17179 7ff77c638b90 40 API calls 17178->17179 17181 7ff77c633a17 17179->17181 17182 7ff77c6339ce 17180->17182 17184 7ff77c638b90 40 API calls 17181->17184 17182->17161 17185 7ff77c6339de 17182->17185 17183->17177 17189 7ff77c63390e __std_exception_destroy 17183->17189 17186 7ff77c633a23 17184->17186 17187 7ff77c632710 54 API calls 17185->17187 17188 7ff77c638b90 40 API calls 17186->17188 17269 7ff77c633808 __std_exception_destroy 17187->17269 17188->17189 17190 7ff77c638a20 14 API calls 17189->17190 17191 7ff77c633a3b 17190->17191 17192 7ff77c633a60 __std_exception_destroy 17191->17192 17193 7ff77c633b2f 17191->17193 17206 7ff77c633aab 17192->17206 17418 7ff77c638b30 17192->17418 17194 7ff77c632710 54 API calls 17193->17194 17194->17269 
17196 7ff77c638a20 14 API calls 17197 7ff77c633bf4 __std_exception_destroy 17196->17197 17198 7ff77c633d41 17197->17198 17199 7ff77c633c46 17197->17199 17543 7ff77c6344d0 17198->17543 17200 7ff77c633c50 17199->17200 17201 7ff77c633cd4 17199->17201 17425 7ff77c6390e0 17200->17425 17204 7ff77c638a20 14 API calls 17201->17204 17208 7ff77c633ce0 17204->17208 17205 7ff77c633d4f 17209 7ff77c633d71 17205->17209 17210 7ff77c633d65 17205->17210 17206->17196 17211 7ff77c633c61 17208->17211 17214 7ff77c633ced 17208->17214 17213 7ff77c631c80 49 API calls 17209->17213 17546 7ff77c634620 17210->17546 17216 7ff77c632710 54 API calls 17211->17216 17222 7ff77c633cc8 __std_exception_destroy 17213->17222 17217 7ff77c631c80 49 API calls 17214->17217 17216->17269 17220 7ff77c633d0b 17217->17220 17218 7ff77c633dc4 17475 7ff77c639400 17218->17475 17220->17222 17223 7ff77c633d12 17220->17223 17222->17218 17224 7ff77c633da7 SetDllDirectoryW LoadLibraryExW 17222->17224 17227 7ff77c632710 54 API calls 17223->17227 17224->17218 17225 7ff77c633dd7 SetDllDirectoryW 17228 7ff77c633e0a 17225->17228 17272 7ff77c633e5a 17225->17272 17227->17269 17229 7ff77c638a20 14 API calls 17228->17229 17237 7ff77c633e16 __std_exception_destroy 17229->17237 17230 7ff77c633ffc 17231 7ff77c634029 17230->17231 17232 7ff77c634006 PostMessageW GetMessageW 17230->17232 17623 7ff77c633360 17231->17623 17232->17231 17233 7ff77c633f1b 17480 7ff77c6333c0 17233->17480 17240 7ff77c633ef2 17237->17240 17244 7ff77c633e4e 17237->17244 17243 7ff77c638b30 40 API calls 17240->17243 17243->17272 17244->17272 17549 7ff77c636db0 17244->17549 17269->17155 17272->17230 17272->17233 17282 7ff77c649bb3 17281->17282 17283 7ff77c649bd4 17281->17283 17282->17127 19542 7ff77c64a448 17283->19542 17287 7ff77c63d339 17286->17287 17287->17136 17290 7ff77c63d011 17288->17290 17289 7ff77c63cdd0 17289->17125 17290->17289 17291 7ff77c63d8f8 7 API calls 17290->17291 17291->17289 17293 7ff77c63d1c2 _isindst memcpy_s 17292->17293 17294 7ff77c63d1e1 
RtlCaptureContext RtlLookupFunctionEntry 17293->17294 17295 7ff77c63d20a RtlVirtualUnwind 17294->17295 17296 7ff77c63d246 memcpy_s 17294->17296 17295->17296 17297 7ff77c63d278 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 17296->17297 17298 7ff77c63d2c6 _isindst 17297->17298 17298->17123 17300 7ff77c63d90a 17299->17300 17301 7ff77c63d900 17299->17301 17300->17141 17305 7ff77c63dc94 17301->17305 17306 7ff77c63d905 17305->17306 17307 7ff77c63dca3 17305->17307 17309 7ff77c63dd00 17306->17309 17313 7ff77c63ded0 17307->17313 17310 7ff77c63dd2b 17309->17310 17311 7ff77c63dd0e DeleteCriticalSection 17310->17311 17312 7ff77c63dd2f 17310->17312 17311->17310 17312->17300 17317 7ff77c63dd38 17313->17317 17318 7ff77c63de22 TlsFree 17317->17318 17320 7ff77c63dd7c __vcrt_FlsAlloc 17317->17320 17319 7ff77c63ddaa LoadLibraryExW 17322 7ff77c63de49 17319->17322 17323 7ff77c63ddcb GetLastError 17319->17323 17320->17318 17320->17319 17321 7ff77c63de69 GetProcAddress 17320->17321 17325 7ff77c63dded LoadLibraryExW 17320->17325 17321->17318 17322->17321 17324 7ff77c63de60 FreeLibrary 17322->17324 17323->17320 17324->17321 17325->17320 17325->17322 17328 7ff77c64f4f0 17326->17328 17327 7ff77c64a884 _invalid_parameter_noinfo 37 API calls 17332 7ff77c64f56c 17327->17332 17329 7ff77c64f596 17328->17329 17330 7ff77c64f543 17328->17330 17636 7ff77c64f3c8 17329->17636 17330->17327 17332->17150 17644 7ff77c63c8c0 17333->17644 17336 7ff77c6336eb GetLastError 17651 7ff77c632c50 17336->17651 17337 7ff77c633710 17646 7ff77c6392f0 FindFirstFileExW 17337->17646 17341 7ff77c633706 17344 7ff77c63c5c0 _log10_special 8 API calls 17341->17344 17342 7ff77c63377d 17677 7ff77c6394b0 17342->17677 17343 7ff77c633723 17666 7ff77c639370 CreateFileW 17343->17666 17347 7ff77c6337b5 17344->17347 17347->17269 17355 7ff77c631950 17347->17355 17349 7ff77c63378b 17349->17341 17353 7ff77c632810 49 API calls 17349->17353 17350 7ff77c63374c __vcrt_FlsAlloc 17350->17342 17351 7ff77c633734 17669 
7ff77c632810 17351->17669 17353->17341 17356 7ff77c6345b0 108 API calls 17355->17356 17357 7ff77c631985 17356->17357 17358 7ff77c631c43 17357->17358 17359 7ff77c637f80 83 API calls 17357->17359 17360 7ff77c63c5c0 _log10_special 8 API calls 17358->17360 17361 7ff77c6319cb 17359->17361 17362 7ff77c631c5e 17360->17362 17404 7ff77c631a03 17361->17404 18022 7ff77c640744 17361->18022 17362->17156 17362->17157 17364 7ff77c6400bc 74 API calls 17364->17358 17365 7ff77c6319e5 17366 7ff77c6319e9 17365->17366 17367 7ff77c631a08 17365->17367 17368 7ff77c644f78 _get_daylight 11 API calls 17366->17368 18026 7ff77c64040c 17367->18026 17370 7ff77c6319ee 17368->17370 18029 7ff77c632910 17370->18029 17373 7ff77c631a45 17378 7ff77c631a7b 17373->17378 17379 7ff77c631a5c 17373->17379 17374 7ff77c631a26 17375 7ff77c644f78 _get_daylight 11 API calls 17374->17375 17376 7ff77c631a2b 17375->17376 17377 7ff77c632910 54 API calls 17376->17377 17377->17404 17381 7ff77c631c80 49 API calls 17378->17381 17380 7ff77c644f78 _get_daylight 11 API calls 17379->17380 17382 7ff77c631a61 17380->17382 17383 7ff77c631a92 17381->17383 17384 7ff77c632910 54 API calls 17382->17384 17385 7ff77c631c80 49 API calls 17383->17385 17384->17404 17386 7ff77c631add 17385->17386 17387 7ff77c640744 73 API calls 17386->17387 17388 7ff77c631b01 17387->17388 17389 7ff77c631b35 17388->17389 17390 7ff77c631b16 17388->17390 17392 7ff77c64040c _fread_nolock 53 API calls 17389->17392 17391 7ff77c644f78 _get_daylight 11 API calls 17390->17391 17393 7ff77c631b1b 17391->17393 17394 7ff77c631b4a 17392->17394 17395 7ff77c632910 54 API calls 17393->17395 17396 7ff77c631b6f 17394->17396 17397 7ff77c631b50 17394->17397 17395->17404 18044 7ff77c640180 17396->18044 17399 7ff77c644f78 _get_daylight 11 API calls 17397->17399 17401 7ff77c631b55 17399->17401 17402 7ff77c632910 54 API calls 17401->17402 17402->17404 17403 7ff77c632710 54 API calls 17403->17404 17404->17364 17406 7ff77c638a2a 17405->17406 17407 7ff77c639400 2 API calls 
17406->17407 17408 7ff77c638a49 GetEnvironmentVariableW 17407->17408 17409 7ff77c638ab2 17408->17409 17410 7ff77c638a66 ExpandEnvironmentStringsW 17408->17410 17411 7ff77c63c5c0 _log10_special 8 API calls 17409->17411 17410->17409 17412 7ff77c638a88 17410->17412 17413 7ff77c638ac4 17411->17413 17414 7ff77c6394b0 2 API calls 17412->17414 17413->17166 17415 7ff77c638a9a 17414->17415 17416 7ff77c63c5c0 _log10_special 8 API calls 17415->17416 17417 7ff77c638aaa 17416->17417 17417->17166 17419 7ff77c639400 2 API calls 17418->17419 17420 7ff77c638b4c 17419->17420 17421 7ff77c639400 2 API calls 17420->17421 17422 7ff77c638b5c 17421->17422 18259 7ff77c6482a8 17422->18259 17424 7ff77c638b6a __std_exception_destroy 17424->17206 17426 7ff77c6390f5 17425->17426 18277 7ff77c638760 GetCurrentProcess OpenProcessToken 17426->18277 17429 7ff77c638760 7 API calls 17430 7ff77c639121 17429->17430 17431 7ff77c63913a 17430->17431 17432 7ff77c639154 17430->17432 17433 7ff77c6326b0 48 API calls 17431->17433 17434 7ff77c6326b0 48 API calls 17432->17434 17435 7ff77c639152 17433->17435 17436 7ff77c639167 LocalFree LocalFree 17434->17436 17435->17436 17437 7ff77c639183 17436->17437 17439 7ff77c63918f 17436->17439 18287 7ff77c632b50 17437->18287 17440 7ff77c63c5c0 _log10_special 8 API calls 17439->17440 17441 7ff77c633c55 17440->17441 17441->17211 17442 7ff77c638850 17441->17442 17443 7ff77c638868 17442->17443 17444 7ff77c6388ea GetTempPathW GetCurrentProcessId 17443->17444 17445 7ff77c63888c 17443->17445 18296 7ff77c6325c0 17444->18296 17447 7ff77c638a20 14 API calls 17445->17447 17448 7ff77c638898 17447->17448 18303 7ff77c6381c0 17448->18303 17454 7ff77c638918 __std_exception_destroy 17465 7ff77c638955 __std_exception_destroy 17454->17465 18300 7ff77c648bd8 17454->18300 17476 7ff77c639422 MultiByteToWideChar 17475->17476 17477 7ff77c639446 17475->17477 17476->17477 17479 7ff77c63945c __std_exception_destroy 17476->17479 17478 7ff77c639463 MultiByteToWideChar 17477->17478 17477->17479 
17478->17479 17479->17225 17492 7ff77c6333ce memcpy_s 17480->17492 17481 7ff77c63c5c0 _log10_special 8 API calls 17482 7ff77c633664 17481->17482 17482->17269 17499 7ff77c6390c0 LocalFree 17482->17499 17483 7ff77c6335c7 17483->17481 17485 7ff77c631c80 49 API calls 17485->17492 17486 7ff77c6335e2 17488 7ff77c632710 54 API calls 17486->17488 17488->17483 17491 7ff77c6335c9 17493 7ff77c632710 54 API calls 17491->17493 17492->17483 17492->17485 17492->17486 17492->17491 17494 7ff77c632a50 54 API calls 17492->17494 17497 7ff77c6335d0 17492->17497 18465 7ff77c634550 17492->18465 18471 7ff77c637e10 17492->18471 18482 7ff77c631600 17492->18482 18530 7ff77c637110 17492->18530 18534 7ff77c634180 17492->18534 18578 7ff77c634440 17492->18578 17493->17483 17494->17492 17498 7ff77c632710 54 API calls 17497->17498 17498->17483 17501 7ff77c631ca5 17500->17501 17502 7ff77c6449f4 49 API calls 17501->17502 17503 7ff77c631cc8 17502->17503 17503->17161 17505 7ff77c639400 2 API calls 17504->17505 17506 7ff77c638ba4 17505->17506 17507 7ff77c6482a8 38 API calls 17506->17507 17508 7ff77c638bb6 __std_exception_destroy 17507->17508 17508->17175 17510 7ff77c6345bc 17509->17510 17511 7ff77c639400 2 API calls 17510->17511 17512 7ff77c6345e4 17511->17512 17513 7ff77c639400 2 API calls 17512->17513 17514 7ff77c6345f7 17513->17514 18745 7ff77c646004 17514->18745 17517 7ff77c63c5c0 _log10_special 8 API calls 17518 7ff77c63392b 17517->17518 17518->17164 17519 7ff77c637f80 17518->17519 17520 7ff77c637fa4 17519->17520 17521 7ff77c640744 73 API calls 17520->17521 17526 7ff77c63807b __std_exception_destroy 17520->17526 17522 7ff77c637fc0 17521->17522 17522->17526 19136 7ff77c647938 17522->19136 17524 7ff77c640744 73 API calls 17527 7ff77c637fd5 17524->17527 17525 7ff77c64040c _fread_nolock 53 API calls 17525->17527 17526->17168 17527->17524 17527->17525 17527->17526 17529 7ff77c6400ec 17528->17529 19151 7ff77c63fe98 17529->19151 17531 7ff77c640105 17531->17164 17533 7ff77c63c8c0 17532->17533 17534 
7ff77c632734 GetCurrentProcessId 17533->17534 17535 7ff77c631c80 49 API calls 17534->17535 17536 7ff77c632787 17535->17536 17537 7ff77c6449f4 49 API calls 17536->17537 17538 7ff77c6327cf 17537->17538 17539 7ff77c632620 12 API calls 17538->17539 17540 7ff77c6327f1 17539->17540 17541 7ff77c63c5c0 _log10_special 8 API calls 17540->17541 17542 7ff77c632801 17541->17542 17542->17269 17544 7ff77c631c80 49 API calls 17543->17544 17545 7ff77c6344ed 17544->17545 17545->17205 17547 7ff77c631c80 49 API calls 17546->17547 17548 7ff77c634650 17547->17548 17548->17222 17550 7ff77c636dc5 17549->17550 17551 7ff77c633e6c 17550->17551 17552 7ff77c644f78 _get_daylight 11 API calls 17550->17552 17555 7ff77c637330 17551->17555 17553 7ff77c636dd2 17552->17553 17554 7ff77c632910 54 API calls 17553->17554 17554->17551 19162 7ff77c631470 17555->19162 19268 7ff77c636350 17623->19268 17643 7ff77c6454dc EnterCriticalSection 17636->17643 17645 7ff77c6336bc GetModuleFileNameW 17644->17645 17645->17336 17645->17337 17647 7ff77c639342 17646->17647 17648 7ff77c63932f FindClose 17646->17648 17649 7ff77c63c5c0 _log10_special 8 API calls 17647->17649 17648->17647 17650 7ff77c63371a 17649->17650 17650->17342 17650->17343 17652 7ff77c63c8c0 17651->17652 17653 7ff77c632c70 GetCurrentProcessId 17652->17653 17682 7ff77c6326b0 17653->17682 17655 7ff77c632cb9 17686 7ff77c644c48 17655->17686 17658 7ff77c6326b0 48 API calls 17659 7ff77c632d34 FormatMessageW 17658->17659 17661 7ff77c632d6d 17659->17661 17662 7ff77c632d7f MessageBoxW 17659->17662 17663 7ff77c6326b0 48 API calls 17661->17663 17664 7ff77c63c5c0 _log10_special 8 API calls 17662->17664 17663->17662 17665 7ff77c632daf 17664->17665 17665->17341 17667 7ff77c633730 17666->17667 17668 7ff77c6393b0 GetFinalPathNameByHandleW CloseHandle 17666->17668 17667->17350 17667->17351 17668->17667 17670 7ff77c632834 17669->17670 17671 7ff77c6326b0 48 API calls 17670->17671 17672 7ff77c632887 17671->17672 17673 7ff77c644c48 48 API calls 17672->17673 17674 
7ff77c6328d0 MessageBoxW 17673->17674 17675 7ff77c63c5c0 _log10_special 8 API calls 17674->17675 17676 7ff77c632900 17675->17676 17676->17341 17678 7ff77c6394da WideCharToMultiByte 17677->17678 17679 7ff77c639505 17677->17679 17678->17679 17681 7ff77c63951b __std_exception_destroy 17678->17681 17680 7ff77c639522 WideCharToMultiByte 17679->17680 17679->17681 17680->17681 17681->17349 17683 7ff77c6326d5 17682->17683 17684 7ff77c644c48 48 API calls 17683->17684 17685 7ff77c6326f8 17684->17685 17685->17655 17689 7ff77c644ca2 17686->17689 17687 7ff77c644cc7 17688 7ff77c64a884 _invalid_parameter_noinfo 37 API calls 17687->17688 17703 7ff77c644cf1 17688->17703 17689->17687 17690 7ff77c644d03 17689->17690 17704 7ff77c643000 17690->17704 17692 7ff77c64a9b8 __free_lconv_num 11 API calls 17692->17703 17694 7ff77c63c5c0 _log10_special 8 API calls 17696 7ff77c632d04 17694->17696 17695 7ff77c644de4 17695->17692 17696->17658 17697 7ff77c644e0a 17697->17695 17700 7ff77c644e14 17697->17700 17698 7ff77c644db9 17701 7ff77c64a9b8 __free_lconv_num 11 API calls 17698->17701 17699 7ff77c644db0 17699->17695 17699->17698 17702 7ff77c64a9b8 __free_lconv_num 11 API calls 17700->17702 17701->17703 17702->17703 17703->17694 17705 7ff77c64303e 17704->17705 17706 7ff77c64302e 17704->17706 17707 7ff77c643047 17705->17707 17711 7ff77c643075 17705->17711 17710 7ff77c64a884 _invalid_parameter_noinfo 37 API calls 17706->17710 17708 7ff77c64a884 _invalid_parameter_noinfo 37 API calls 17707->17708 17709 7ff77c64306d 17708->17709 17709->17695 17709->17697 17709->17698 17709->17699 17710->17709 17711->17706 17711->17709 17715 7ff77c643a14 17711->17715 17748 7ff77c643460 17711->17748 17785 7ff77c642bf0 17711->17785 17716 7ff77c643ac7 17715->17716 17717 7ff77c643a56 17715->17717 17720 7ff77c643acc 17716->17720 17723 7ff77c643b20 17716->17723 17718 7ff77c643a5c 17717->17718 17719 7ff77c643af1 17717->17719 17721 7ff77c643a61 17718->17721 17722 7ff77c643a90 17718->17722 17808 7ff77c641dc4 17719->17808 17726 
7ff77c643b01 17720->17726 17728 7ff77c643ace 17720->17728 17725 7ff77c643b37 17721->17725 17730 7ff77c643a67 17721->17730 17722->17730 17733 7ff77c643b2f 17722->17733 17723->17725 17729 7ff77c643b2a 17723->17729 17723->17733 17822 7ff77c64471c 17725->17822 17815 7ff77c6419b4 17726->17815 17727 7ff77c643a70 17746 7ff77c643b60 17727->17746 17788 7ff77c6441c8 17727->17788 17728->17727 17737 7ff77c643add 17728->17737 17729->17719 17729->17733 17730->17727 17736 7ff77c643aa2 17730->17736 17744 7ff77c643a8b 17730->17744 17733->17746 17826 7ff77c6421d4 17733->17826 17736->17746 17798 7ff77c644504 17736->17798 17737->17719 17739 7ff77c643ae2 17737->17739 17739->17746 17804 7ff77c6445c8 17739->17804 17740 7ff77c63c5c0 _log10_special 8 API calls 17741 7ff77c643e5a 17740->17741 17741->17711 17744->17746 17747 7ff77c643d4c 17744->17747 17833 7ff77c644830 17744->17833 17746->17740 17747->17746 17839 7ff77c64ea78 17747->17839 17749 7ff77c64346e 17748->17749 17750 7ff77c643484 17748->17750 17751 7ff77c643ac7 17749->17751 17752 7ff77c643a56 17749->17752 17753 7ff77c6434c4 17749->17753 17750->17753 17754 7ff77c64a884 _invalid_parameter_noinfo 37 API calls 17750->17754 17757 7ff77c643acc 17751->17757 17758 7ff77c643b20 17751->17758 17755 7ff77c643a5c 17752->17755 17756 7ff77c643af1 17752->17756 17753->17711 17754->17753 17759 7ff77c643a61 17755->17759 17760 7ff77c643a90 17755->17760 17763 7ff77c641dc4 38 API calls 17756->17763 17761 7ff77c643ace 17757->17761 17762 7ff77c643b01 17757->17762 17764 7ff77c643b37 17758->17764 17766 7ff77c643b2a 17758->17766 17770 7ff77c643b2f 17758->17770 17759->17764 17767 7ff77c643a67 17759->17767 17760->17767 17760->17770 17765 7ff77c643a70 17761->17765 17774 7ff77c643add 17761->17774 17768 7ff77c6419b4 38 API calls 17762->17768 17783 7ff77c643a8b 17763->17783 17771 7ff77c64471c 45 API calls 17764->17771 17769 7ff77c6441c8 47 API calls 17765->17769 17780 7ff77c643b60 17765->17780 17766->17756 17766->17770 17767->17765 17772 7ff77c643aa2 17767->17772 

Control-flow Graph (first block at 7ff77c638bd0; legend: Executed / Not Executed)
Memory Dump Source
• Source File: 00000000.00000002.1799355307.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
• Associated: 00000000.00000002.1799335960.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1799386721.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1799415121.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1799415121.00007FF77C672000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1799457501.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff77c630000_lz4wnSavmK.jbxd
Similarity
• API ID: Message$ErrorLast$ObjectProcessSingleWait$CloseCreateHandlePeekWindow_invalid_parameter_noinfo$ByteCharClassCodeCommandConsoleCtrlCurrentDestroyDispatchExitFormatHandlerInfoLineMultiRegisterStartupTerminateTranslateWide
• String ID: CreateProcessW$Failed to create child process!$PyInstaller Onefile Hidden Window$PyInstallerOnefileHiddenWindow
• API String ID: 3832162212-3165540532
• Opcode ID: f1b4a1f9842ac9cce6b2798ee34386867a7882a0850fd65476f94626d3f01840
• Instruction ID: 421c7c3c72bc51a63a2a49f968326013d82f4217dc18b445872b84f441ee1f53
• Opcode Fuzzy Hash: f1b4a1f9842ac9cce6b2798ee34386867a7882a0850fd65476f94626d3f01840
• Instruction Fuzzy Hash: CFD16133B38A8286E711AF34E8942ABB762FF8CB58F900235DE5D96694DF3CD5458710

Control-flow Graph (first block at 7ff77c631000; legend: Executed / Not Executed)
Memory Dump Source
• Source File: 00000000.00000002.1799355307.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
• Associated: 00000000.00000002.1799335960.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1799386721.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1799415121.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1799415121.00007FF77C672000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1799457501.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff77c630000_lz4wnSavmK.jbxd
Similarity
• API ID: ErrorFileLastModuleName
• String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to load splash screen resources!$Failed to remove temporary directory: %s$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$Invalid value in _PYI_PARENT_PROCESS_LEVEL: %s$MEI$PYINSTALLER_RESET_ENVIRONMENT$PYINSTALLER_STRICT_UNPACK_MODE$PYINSTALLER_SUPPRESS_SPLASH_SCREEN$Path exceeds PYI_PATH_MAX limit.$Py_GIL_DISABLED$VCRUNTIME140.dll$_PYI_APPLICATION_HOME_DIR$_PYI_APPLICATION_HOME_DIR not set for onefile child process!$_PYI_ARCHIVE_FILE$_PYI_PARENT_PROCESS_LEVEL$_PYI_SPLASH_IPC$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-python-flag$pyi-runtime-tmpdir
• API String ID: 2776309574-4232158417
• Opcode ID: 0e7f9f8f9b7973c5112ddf8e6b7b04449a78dc6e1f1e844403fce0d1da25eb6d
• Instruction ID: 9114c02e35f4c945f3e564d6bb4ac957497460a2e6caa7a6b363cd5af0fa4c48
• Opcode Fuzzy Hash: 0e7f9f8f9b7973c5112ddf8e6b7b04449a78dc6e1f1e844403fce0d1da25eb6d
• Instruction Fuzzy Hash: E1325E23A3C68251EB17BB2194D52BBA693AF9C740FC44036DA5DC72D6EF2CE556C320

Control-flow Graph (first block at 7ff77c655c70; legend: Executed / Not Executed)
APIs
• _get_daylight.LIBCMT ref: 00007FF77C655CB5
  • Part of subcall function 00007FF77C655608: _invalid_parameter_noinfo.LIBCMT ref: 00007FF77C65561C
  • Part of subcall function 00007FF77C64A9B8: RtlFreeHeap.NTDLL(?,?,?,00007FF77C652D92,?,?,?,00007FF77C652DCF,?,?,00000000,00007FF77C653295,?,?,?,00007FF77C6531C7), ref: 00007FF77C64A9CE
  • Part of subcall function 00007FF77C64A9B8: GetLastError.KERNEL32(?,?,?,00007FF77C652D92,?,?,?,00007FF77C652DCF,?,?,00000000,00007FF77C653295,?,?,?,00007FF77C6531C7), ref: 00007FF77C64A9D8
  • Part of subcall function 00007FF77C64A970: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF77C64A94F,?,?,?,?,?,00007FF77C64A83A), ref: 00007FF77C64A979
  • Part of subcall function 00007FF77C64A970: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF77C64A94F,?,?,?,?,?,00007FF77C64A83A), ref: 00007FF77C64A99E
• _get_daylight.LIBCMT ref: 00007FF77C655CA4
  • Part of subcall function 00007FF77C655668: _invalid_parameter_noinfo.LIBCMT ref: 00007FF77C65567C
• _get_daylight.LIBCMT ref: 00007FF77C655F1A
• _get_daylight.LIBCMT ref: 00007FF77C655F2B
• _get_daylight.LIBCMT ref: 00007FF77C655F3C
• GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF77C65617C), ref: 00007FF77C655F63
Memory Dump Source
• Source File: 00000000.00000002.1799355307.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
• Associated: 00000000.00000002.1799335960.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1799386721.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1799415121.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1799415121.00007FF77C672000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1799457501.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff77c630000_lz4wnSavmK.jbxd
Similarity
• API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
• String ID: Eastern Standard Time$Eastern Summer Time
• API String ID: 4070488512-239921721
• Opcode ID: 76424cc0ec02945f4fd2ccc640ea60475aa997d4131cc6c9dd67359800dfdabb
• Instruction ID: a41159ca12899c9e77a6399d74472c0b955da2c82e3cac3455962cff85b38fbf
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 76424cc0ec02945f4fd2ccc640ea60475aa997d4131cc6c9dd67359800dfdabb
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A0D1B223B3864245E722BF21E4C55BAA752EF4C794FE08136EB4DC769ADE3CE4418760

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1617910340-0
                                                                                                                                                                                                      • Opcode ID: 4205a6958293653b93a25a06bf68436f7b6b11ca03fe036e6858b65a4e3d069e
                                                                                                                                                                                                      • Instruction ID: 6e974f1467f80e3e32f6f854cc6697c8b9e4dcbf63594fe474f39d4998d22fe0
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4205a6958293653b93a25a06bf68436f7b6b11ca03fe036e6858b65a4e3d069e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8CC1DF37B38A4185EB51EF64D4812AE7762EB88B98B914225DF2E9B394CF38D151C310

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • FindFirstFileW.KERNELBASE(?,00007FF77C638B09,00007FF77C633FA5), ref: 00007FF77C63841B
                                                                                                                                                                                                      • RemoveDirectoryW.KERNEL32(?,00007FF77C638B09,00007FF77C633FA5), ref: 00007FF77C63849E
                                                                                                                                                                                                      • DeleteFileW.KERNELBASE(?,00007FF77C638B09,00007FF77C633FA5), ref: 00007FF77C6384BD
                                                                                                                                                                                                      • FindNextFileW.KERNELBASE(?,00007FF77C638B09,00007FF77C633FA5), ref: 00007FF77C6384CB
                                                                                                                                                                                                      • FindClose.KERNEL32(?,00007FF77C638B09,00007FF77C633FA5), ref: 00007FF77C6384DC
                                                                                                                                                                                                      • RemoveDirectoryW.KERNELBASE(?,00007FF77C638B09,00007FF77C633FA5), ref: 00007FF77C6384E5
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FileFind$DirectoryRemove$CloseDeleteFirstNext
                                                                                                                                                                                                      • String ID: %s\*
                                                                                                                                                                                                      • API String ID: 1057558799-766152087
                                                                                                                                                                                                      • Opcode ID: 754801c57d3e7d892bd8d831a0c0450fb277ac1fd7854ad2b3e1f46bb6674256
                                                                                                                                                                                                      • Instruction ID: 3c5da9064b05a0eb78b995f2950a23fea1c5633528eee9ef15dba30a203920cc
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 754801c57d3e7d892bd8d831a0c0450fb277ac1fd7854ad2b3e1f46bb6674256
                                                                                                                                                                                                      • Instruction Fuzzy Hash: BB415423A3C54295EB71AB14A4C45FBA362FF9CB54FD00232DA9DC2A95DF3CD5498710

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _get_daylight.LIBCMT ref: 00007FF77C655F1A
                                                                                                                                                                                                        • Part of subcall function 00007FF77C655668: _invalid_parameter_noinfo.LIBCMT ref: 00007FF77C65567C
                                                                                                                                                                                                      • _get_daylight.LIBCMT ref: 00007FF77C655F2B
                                                                                                                                                                                                        • Part of subcall function 00007FF77C655608: _invalid_parameter_noinfo.LIBCMT ref: 00007FF77C65561C
                                                                                                                                                                                                      • _get_daylight.LIBCMT ref: 00007FF77C655F3C
                                                                                                                                                                                                        • Part of subcall function 00007FF77C655638: _invalid_parameter_noinfo.LIBCMT ref: 00007FF77C65564C
                                                                                                                                                                                                        • Part of subcall function 00007FF77C64A9B8: RtlFreeHeap.NTDLL(?,?,?,00007FF77C652D92,?,?,?,00007FF77C652DCF,?,?,00000000,00007FF77C653295,?,?,?,00007FF77C6531C7), ref: 00007FF77C64A9CE
                                                                                                                                                                                                        • Part of subcall function 00007FF77C64A9B8: GetLastError.KERNEL32(?,?,?,00007FF77C652D92,?,?,?,00007FF77C652DCF,?,?,00000000,00007FF77C653295,?,?,?,00007FF77C6531C7), ref: 00007FF77C64A9D8
                                                                                                                                                                                                      • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF77C65617C), ref: 00007FF77C655F63
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                                      • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                      • API String ID: 3458911817-239921721
                                                                                                                                                                                                      • Opcode ID: 8084827ab6892e9bf44fc7ae7df730cc4e836e683a41a1d7f4ca7a201d78ec16
                                                                                                                                                                                                      • Instruction ID: fc3b9eb9033d41aaf311671fe72dcb4598f5c85cbe5fa44e01d0c07e918b8a77
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8084827ab6892e9bf44fc7ae7df730cc4e836e683a41a1d7f4ca7a201d78ec16
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 80514D33B3864286E721FF21A9C15AAA762AB4C784F904536EB4DC7696DF3CE4408760
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Find$CloseFileFirst
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2295610775-0
                                                                                                                                                                                                      • Opcode ID: f8f1f0d53470ef13f354418d29ecb311e48373b0acb6529cbcbe83ca601eafdf
                                                                                                                                                                                                      • Instruction ID: 2ee977b4d359e8598270d5b5f578115adeef70896603c7c67b083c718fa6027b
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f8f1f0d53470ef13f354418d29ecb311e48373b0acb6529cbcbe83ca601eafdf
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D9F0C863A38741C6F7B19B60B4C8777B351AB8C328F880335DAAD466D4DF3CD0588A10
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.1799355307.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
• Associated: 00000000.00000002.1799335960.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1799386721.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1799415121.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1799415121.00007FF77C672000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1799457501.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CurrentFeaturePresentProcessProcessor
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1010374628-0
                                                                                                                                                                                                      • Opcode ID: 10bf4b1f0472125ada9b1d6b923a92a2d49e498fcbab652d34985a7b27debbff
                                                                                                                                                                                                      • Instruction ID: 265ac905bbca1fd2ecdd2a1df0392568171ce2c57534d73d83957c605237d8ac
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 10bf4b1f0472125ada9b1d6b923a92a2d49e498fcbab652d34985a7b27debbff
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 48025223B3D64280FB57BB11A48127BA692AF4DB90FE54635DE5DC63D2EE3DE5018320

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 00007FF77C637F80: _fread_nolock.LIBCMT ref: 00007FF77C63802A
                                                                                                                                                                                                      • _fread_nolock.LIBCMT ref: 00007FF77C631A1B
                                                                                                                                                                                                        • Part of subcall function 00007FF77C632910: GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF77C631B6A), ref: 00007FF77C63295E
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.1799355307.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
• Associated: 00000000.00000002.1799335960.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1799386721.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1799415121.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1799415121.00007FF77C672000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1799457501.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _fread_nolock$CurrentProcess
                                                                                                                                                                                                      • String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
                                                                                                                                                                                                      • API String ID: 2397952137-3497178890
                                                                                                                                                                                                      • Opcode ID: a160029e6a37842be442ab761c617b97701ff7f030f4f7bf0d288629a410a574
                                                                                                                                                                                                      • Instruction ID: 35c52bdfd9152fee9e3d00afc52d1cfae8b5c8307c3428e46191c0d58e939bc0
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a160029e6a37842be442ab761c617b97701ff7f030f4f7bf0d288629a410a574
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 098182B3A3C68685E752BB14E4812BBA3A2EF8C744FD04431DA8DC7795DE3CE6458760

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.1799355307.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
• Associated: 00000000.00000002.1799335960.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1799386721.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1799415121.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1799415121.00007FF77C672000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1799457501.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CurrentProcess
                                                                                                                                                                                                      • String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                                                                                                                                                      • API String ID: 2050909247-1550345328
                                                                                                                                                                                                      • Opcode ID: b7cfde611c470d5de2a22cfb734085cfddee959ab285f2d596dd9298a7ff1e46
                                                                                                                                                                                                      • Instruction ID: 908a1b350d62b9c65f70f82d3611bbacc2d3698607f407ec5d4a5af64406cb9b
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b7cfde611c470d5de2a22cfb734085cfddee959ab285f2d596dd9298a7ff1e46
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0E51A263B3864292EB12BB51A4801BBE362BF8D794FD44531EE1C877D2DE3CE6458360

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetTempPathW.KERNEL32(?,?,00000000,00007FF77C633CBB), ref: 00007FF77C6388F4
                                                                                                                                                                                                      • GetCurrentProcessId.KERNEL32(?,00000000,00007FF77C633CBB), ref: 00007FF77C6388FA
                                                                                                                                                                                                      • CreateDirectoryW.KERNELBASE(?,00000000,00007FF77C633CBB), ref: 00007FF77C63893C
                                                                                                                                                                                                        • Part of subcall function 00007FF77C638A20: GetEnvironmentVariableW.KERNEL32(00007FF77C63388E), ref: 00007FF77C638A57
                                                                                                                                                                                                        • Part of subcall function 00007FF77C638A20: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF77C638A79
                                                                                                                                                                                                        • Part of subcall function 00007FF77C6482A8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF77C6482C1
                                                                                                                                                                                                        • Part of subcall function 00007FF77C632810: MessageBoxW.USER32 ref: 00007FF77C6328EA
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.1799355307.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
• Associated: 00000000.00000002.1799335960.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1799386721.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1799415121.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1799415121.00007FF77C672000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1799457501.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Environment$CreateCurrentDirectoryExpandMessagePathProcessStringsTempVariable_invalid_parameter_noinfo
                                                                                                                                                                                                      • String ID: LOADER: failed to set the TMP environment variable.$LOADER: length of teporary directory path exceeds maximum path length!$TMP$TMP$_MEI%d
                                                                                                                                                                                                      • API String ID: 3563477958-1339014028
                                                                                                                                                                                                      • Opcode ID: 4e349524156a31c65ddba45994ef87c37bf84ce1b0e485ec316371ea64373d4f
                                                                                                                                                                                                      • Instruction ID: 3e306fa1590a24d5078505c44ce94abca282e781c9ed829ea387d64cd84a1fc2
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4e349524156a31c65ddba45994ef87c37bf84ce1b0e485ec316371ea64373d4f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: EE417313A3864245EB52BB25A9D51FB9292AF8CB80FD04132EE0DD66D6DD3CE6048320

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.1799355307.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
• Associated: 00000000.00000002.1799335960.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1799386721.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1799415121.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1799415121.00007FF77C672000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1799457501.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CurrentProcess
                                                                                                                                                                                                      • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                                      • API String ID: 2050909247-2813020118
                                                                                                                                                                                                      • Opcode ID: 5203fde90a14cfca52878d148793ed0f56fa2f4a03ba52266beea290f2c18543
                                                                                                                                                                                                      • Instruction ID: 449d78a6db43a6b6a4126bdaed83cf8eacd26779eeb93c9f080bc59d0a17e770
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5203fde90a14cfca52878d148793ed0f56fa2f4a03ba52266beea290f2c18543
                                                                                                                                                                                                      • Instruction Fuzzy Hash: EE51B563A3864245E762BB11A4903BBE292BF89794FD44135EE4E877C6DE3CE6418720

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • FreeLibrary.KERNEL32(?,?,?,00007FF77C64F11A,?,?,-00000018,00007FF77C64ADC3,?,?,?,00007FF77C64ACBA,?,?,?,00007FF77C645FAE), ref: 00007FF77C64EEFC
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,?,?,00007FF77C64F11A,?,?,-00000018,00007FF77C64ADC3,?,?,?,00007FF77C64ACBA,?,?,?,00007FF77C645FAE), ref: 00007FF77C64EF08
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.1799355307.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799335960.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799386721.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C672000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799457501.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                      • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                      • API String ID: 3013587201-537541572
                                                                                                                                                                                                      • Opcode ID: 2820b76ab0802fc58bac5aaef12ed6f6fffcf0c29b30edae647068643d5e49cf
                                                                                                                                                                                                      • Instruction ID: 668d798f9973a83621ca0681d29cfe874e03cdac1b470e88bd5391cf6b6c1c10
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2820b76ab0802fc58bac5aaef12ed6f6fffcf0c29b30edae647068643d5e49cf
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A741C427B39A1282EB17EB169884577F292BF4DB90FC84535DD1DDB384EE3CE6058220

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetModuleFileNameW.KERNEL32(?,00007FF77C633804), ref: 00007FF77C6336E1
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00007FF77C633804), ref: 00007FF77C6336EB
                                                                                                                                                                                                        • Part of subcall function 00007FF77C632C50: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF77C633706,?,00007FF77C633804), ref: 00007FF77C632C9E
                                                                                                                                                                                                        • Part of subcall function 00007FF77C632C50: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF77C633706,?,00007FF77C633804), ref: 00007FF77C632D63
                                                                                                                                                                                                        • Part of subcall function 00007FF77C632C50: MessageBoxW.USER32 ref: 00007FF77C632D99
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.1799355307.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799335960.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799386721.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C672000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799457501.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Message$CurrentErrorFileFormatLastModuleNameProcess
                                                                                                                                                                                                      • String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
                                                                                                                                                                                                      • API String ID: 3187769757-2863816727
                                                                                                                                                                                                      • Opcode ID: 6d8fde842cedad8fbf80b9c4aa3ce336361ac9392ce2c79ae57a11131fda94fc
                                                                                                                                                                                                      • Instruction ID: 06af7d9a094265e26c22c70e98f3d0bffe1b72df2d7041147b00421daf22a886
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6d8fde842cedad8fbf80b9c4aa3ce336361ac9392ce2c79ae57a11131fda94fc
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 90217463B3C54291FB22B721E8943B7A262BF9C394FD04132EA5DC66D5EE2CE505C724

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.1799355307.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799335960.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799386721.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C672000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799457501.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3215553584-0
                                                                                                                                                                                                      • Opcode ID: 71330427dde7a49afb2283bb308656113f98e0c66a4f806cd66398b14c9322eb
                                                                                                                                                                                                      • Instruction ID: 72343e9ac82cd5047bbc8b378b984324359da8c0ad43e2cdb456e8fcb7a1e565
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 71330427dde7a49afb2283bb308656113f98e0c66a4f806cd66398b14c9322eb
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C6C1D52393CA8691E7526B55D0806BFB792EBC9B80FD54131EE4D8B791CE7CE7458320

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.1799355307.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799335960.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799386721.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C672000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799457501.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 995526605-0
                                                                                                                                                                                                      • Opcode ID: ccba17952e233d5b695068aab9421341a55ed3ebff0a2a14ee99ad80d8ea5500
                                                                                                                                                                                                      • Instruction ID: 868ca856f451a2f1b2052b18092ee8553e4219f53cd6ed36ec3068dd8b33fd62
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ccba17952e233d5b695068aab9421341a55ed3ebff0a2a14ee99ad80d8ea5500
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 38214422B2864241EB51AB55B49427BE7A2EBCDBA0F900235EA6D836E4DE7CD4448710

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 00007FF77C638760: GetCurrentProcess.KERNEL32 ref: 00007FF77C638780
                                                                                                                                                                                                        • Part of subcall function 00007FF77C638760: OpenProcessToken.ADVAPI32 ref: 00007FF77C638793
                                                                                                                                                                                                        • Part of subcall function 00007FF77C638760: GetTokenInformation.KERNELBASE ref: 00007FF77C6387B8
                                                                                                                                                                                                        • Part of subcall function 00007FF77C638760: GetLastError.KERNEL32 ref: 00007FF77C6387C2
                                                                                                                                                                                                        • Part of subcall function 00007FF77C638760: GetTokenInformation.KERNELBASE ref: 00007FF77C638802
                                                                                                                                                                                                        • Part of subcall function 00007FF77C638760: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF77C63881E
                                                                                                                                                                                                        • Part of subcall function 00007FF77C638760: CloseHandle.KERNEL32 ref: 00007FF77C638836
                                                                                                                                                                                                      • LocalFree.KERNEL32(?,00007FF77C633C55), ref: 00007FF77C63916C
                                                                                                                                                                                                      • LocalFree.KERNEL32(?,00007FF77C633C55), ref: 00007FF77C639175
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.1799355307.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799335960.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799386721.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C672000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799457501.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Token$FreeInformationLocalProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                      • String ID: D:(A;;FA;;;%s)$D:(A;;FA;;;%s)(A;;FA;;;%s)$S-1-3-4$Security descriptor string length exceeds PYI_PATH_MAX!
                                                                                                                                                                                                      • API String ID: 6828938-1529539262
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CreateDirectoryW.KERNELBASE(00000000,?,00007FF77C63352C,?,00000000,00007FF77C633F23), ref: 00007FF77C637F22
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.1799355307.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CreateDirectory
                                                                                                                                                                                                      • String ID: %.*s$%s%c$\
                                                                                                                                                                                                      • API String ID: 4241100979-1685191245
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF77C64CFBB), ref: 00007FF77C64D0EC
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF77C64CFBB), ref: 00007FF77C64D177
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.1799355307.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ConsoleErrorLastMode
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 953036326-0
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.1799355307.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _get_daylight$_isindst
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 4170891091-0
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.1799355307.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2780335769-0
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.1799355307.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1279662727-0
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.1799355307.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799335960.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799386721.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C672000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799457501.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3251591375-0
                                                                                                                                                                                                      • Opcode ID: bd18f10481fc1cc14ce46c2a249e6ab71ba61d2437927de899b0ff225cfe2228
                                                                                                                                                                                                      • Instruction ID: 3c75460419d0a6bd819aa20e2bffc3bbfbe21fee87ce08a626a3ed1afae0dc49
                                                                                                                                                                                                      • Opcode Fuzzy Hash: bd18f10481fc1cc14ce46c2a249e6ab71ba61d2437927de899b0ff225cfe2228
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C1313823E7851255FB27BB2498913BBA683AF49384FD44534FA0DCB2D7DE2CA505C270
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.1799355307.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799335960.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799386721.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C672000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799457501.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1703294689-0
                                                                                                                                                                                                      • Opcode ID: 230ddfbeb2cfdc83e04e02b0fbb537ff9f96aef2fd2a5ab3fdce6eee95276a48
                                                                                                                                                                                                      • Instruction ID: be6f99faa977aad35e1c39867b3f0cbee6e5ce4f57dd56764d437963ccc1f0e8
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 230ddfbeb2cfdc83e04e02b0fbb537ff9f96aef2fd2a5ab3fdce6eee95276a48
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F9D09E12B7874642EB563B706CD947AA2576F8C745FA41438DD0B9A393ED2CA6894320
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.1799355307.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799335960.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799386721.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C672000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799457501.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3215553584-0
                                                                                                                                                                                                      • Opcode ID: 2fd4b9cf4e2c203a215f80a0453bc9b94d2a0e119ef729a2f51343e3c0f92604
                                                                                                                                                                                                      • Instruction ID: 35161f00ceea5db8d4f734909a7fbe4a85e0f33642812b5ab0d2d79bb5a6cf21
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2fd4b9cf4e2c203a215f80a0453bc9b94d2a0e119ef729a2f51343e3c0f92604
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7F512B2373D26286E727BA65948067BB583AF4CBA4F944230DE6D8B7C5CF3CD7018620
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.1799355307.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799335960.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799386721.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C672000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799457501.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ErrorFileLastPointer
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2976181284-0
                                                                                                                                                                                                      • Opcode ID: fe8bab274ce7bcf2293d1df97f88808174c3604892bb54168c1d2d59b6616a84
                                                                                                                                                                                                      • Instruction ID: 12cc33ef135ed66a18025d4f413e7e3b6aba7442d071318187ee3e8eb1d6db66
                                                                                                                                                                                                      • Opcode Fuzzy Hash: fe8bab274ce7bcf2293d1df97f88808174c3604892bb54168c1d2d59b6616a84
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1611C862738A8181DB119B25B49416AB352FB89BF4F944331EE7D8B7D5CE7CD2118700
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF77C6458A9), ref: 00007FF77C6459C7
                                                                                                                                                                                                      • SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF77C6458A9), ref: 00007FF77C6459DD
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.1799355307.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799335960.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799386721.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C672000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799457501.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Time$System$FileLocalSpecific
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1707611234-0
                                                                                                                                                                                                      • Opcode ID: 3eb82881f56b5e10c0b4ae1229c4961d4f4fc58e8f6ff53d00dfea58f30bf4d5
                                                                                                                                                                                                      • Instruction ID: d8887b3e285c5373af64de2fea67744269b9724e38d36915a6aee9ec10071179
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3eb82881f56b5e10c0b4ae1229c4961d4f4fc58e8f6ff53d00dfea58f30bf4d5
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9D11A73363CA4281EB556B51A48117BF761FB88771F900235FA9DC5AD8EF2CD254CB10
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • RtlFreeHeap.NTDLL(?,?,?,00007FF77C652D92,?,?,?,00007FF77C652DCF,?,?,00000000,00007FF77C653295,?,?,?,00007FF77C6531C7), ref: 00007FF77C64A9CE
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,00007FF77C652D92,?,?,?,00007FF77C652DCF,?,?,00000000,00007FF77C653295,?,?,?,00007FF77C6531C7), ref: 00007FF77C64A9D8
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.1799355307.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799335960.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799386721.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C672000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799457501.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 485612231-0
                                                                                                                                                                                                      • Opcode ID: 4768bb9444967098c6ff0662bce39d003f3d6bed11959a3c87c06bce48e858a7
                                                                                                                                                                                                      • Instruction ID: fed10fb103d6477cc030b2ddc0bbe0c8510855317c9b2dfa37a530ce330f7167
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4768bb9444967098c6ff0662bce39d003f3d6bed11959a3c87c06bce48e858a7
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 66E0BF52F3960252FF167BB264D617BA2536FCC740BC54434DA1DDA2A2DE2CAA858220
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CloseHandle.KERNELBASE(?,?,?,00007FF77C64AA45,?,?,00000000,00007FF77C64AAFA), ref: 00007FF77C64AC36
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,00007FF77C64AA45,?,?,00000000,00007FF77C64AAFA), ref: 00007FF77C64AC40
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.1799355307.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799335960.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799386721.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C672000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799457501.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CloseErrorHandleLast
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 918212764-0
                                                                                                                                                                                                      • Opcode ID: 1c4273fb4a414bd16749861b25ace672462e960675883ae7dbf138385109c950
                                                                                                                                                                                                      • Instruction ID: b1524c1358b2d25084c8c5301f31bbd33835f4cff8a29cb184a56de0c9176cb3
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1c4273fb4a414bd16749861b25ace672462e960675883ae7dbf138385109c950
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 14215313B3C64251EB967761A4D127FA6839F8CB90F984235DA1ECB7C2CE6CE7454310
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.1799355307.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799335960.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799386721.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C672000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799457501.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3215553584-0
                                                                                                                                                                                                      • Opcode ID: 77f2f9c0c3853e5df4dc99a11e1b25eaa2aec769d06f52d5773e5caefc843251
                                                                                                                                                                                                      • Instruction ID: 313c2e9e3f84f81d07dcb7a95320bdcaaa8fd6e8f9c99358a15c186b3d1f4e4b
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 77f2f9c0c3853e5df4dc99a11e1b25eaa2aec769d06f52d5773e5caefc843251
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D841E83393860187EB75EB55E58017BB3A2EB59B45F900131DA8DCB691CF2DE702CB61
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.1799355307.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799335960.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799386721.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C672000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799457501.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _fread_nolock
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 840049012-0
                                                                                                                                                                                                      • Opcode ID: 8334f334696440ef64ed4453da584d980c1c0ded1461c6629ef7e16216bca0a0
                                                                                                                                                                                                      • Instruction ID: e3ed3fa545c1b11e1a67dfdd069fd642da0a6efdd0b6c3f98ac237d2d5f8f01f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8334f334696440ef64ed4453da584d980c1c0ded1461c6629ef7e16216bca0a0
                                                                                                                                                                                                      • Instruction Fuzzy Hash: B7215022B3865145EB52BA1265843FBE652BF4DBC4FC84431EE4D8B786CF3DE2418710
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.1799355307.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799335960.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799386721.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C672000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799457501.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3215553584-0
                                                                                                                                                                                                      • Opcode ID: e965e93cbe1d72adb8351a0dc15ff4730447cd31f91a428760958f4d16ec249d
                                                                                                                                                                                                      • Instruction ID: 3d36fddc3f7c395abd5bcc2371566757168ab19091f844517a99fa8964755f9f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e965e93cbe1d72adb8351a0dc15ff4730447cd31f91a428760958f4d16ec249d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2E318123A38A4285E7537B95C48227EB652EB88B94FC54135E91D8B3D2CE7CE7818730
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.1799355307.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799335960.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799386721.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C672000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799457501.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: HandleModule$AddressFreeLibraryProc
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3947729631-0
                                                                                                                                                                                                      • Opcode ID: c67799cafce48778543f3f8f4be5d8193b6380671b5390c3378b203fc6564281
                                                                                                                                                                                                      • Instruction ID: 9b064eea46aee8b79be44a54ffad0cab2c1df290000ddde6534478ea85bd0ee4
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c67799cafce48778543f3f8f4be5d8193b6380671b5390c3378b203fc6564281
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3821A632A2474189EB15AF64C4806FD73A5FB48318F840635D71D4AAC5EF38D784CB50
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.1799355307.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799335960.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799386721.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C672000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799457501.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3215553584-0
                                                                                                                                                                                                      • Opcode ID: d0ecc1d4814c8292f6d285d86e9f4332b8d7141ecd04c52723bb65a1ba9d936a
                                                                                                                                                                                                      • Instruction ID: 9f4381dc3d53c78282251c2d9cc7030f33228ae357ad646e0d8d3cb9feac2e3d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d0ecc1d4814c8292f6d285d86e9f4332b8d7141ecd04c52723bb65a1ba9d936a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E3111233938A4141EBA27E51944117FF265AF49B84FC44031EE4C9BA9ADF3DD7418B22
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.1799355307.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799335960.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799386721.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C672000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799457501.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3215553584-0
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.1799355307.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799335960.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799386721.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C672000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799457501.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3215553584-0
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3215553584-0
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3215553584-0
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • HeapAlloc.KERNEL32(?,?,00000000,00007FF77C64B39A,?,?,?,00007FF77C644F81,?,?,?,?,00007FF77C64A4FA), ref: 00007FF77C64EC5D
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AllocHeap
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 4292702814-0
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • HeapAlloc.KERNEL32(?,?,?,00007FF77C640D00,?,?,?,00007FF77C64236A,?,?,?,?,?,00007FF77C643B59), ref: 00007FF77C64D6AA
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AllocHeap
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 4292702814-0
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AddressErrorLastProc
                                                                                                                                                                                                      • String ID: Failed to get address for %hs$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_JoinThread$Tcl_MutexFinalize$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                                                                                      • API String ID: 199729137-3427451314
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
Similarity
• API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
• String ID: 1#IND$1#INF$1#QNAN$1#SNAN
• API String ID: 808467561-2761157908
Similarity
• API ID:
• String ID: invalid bit length repeat$invalid code -- missing end-of-block$invalid code lengths set$invalid distance code$invalid distance too far back$invalid distances set$invalid literal/length code$invalid literal/lengths set$too many length or distance symbols
• API String ID: 0-2665694366
Similarity
• API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
• String ID:
• API String ID: 3140674995-0
Similarity
• API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
• String ID:
• API String ID: 1239891234-0
Similarity
• API ID: FileFindFirst_invalid_parameter_noinfo
• String ID:
• API String ID: 2227656907-0
Similarity
• API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
• String ID:
• API String ID: 2933794660-0
Similarity
• API ID: memcpy_s
• String ID:
• API String ID: 1502251526-0
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.1799355307.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799335960.00007FF77C630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799386721.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C672000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799457501.00007FF77C674000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: $header crc mismatch$unknown header flags set
                                                                                                                                                                                                      • API String ID: 0-1127688429
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExceptionRaise_clrfp
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 15204871-0
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: $
                                                                                                                                                                                                      • API String ID: 0-227171996
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: incorrect header check$invalid window size
                                                                                                                                                                                                      • API String ID: 0-900081337
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: e+000$gfff
                                                                                                                                                                                                      • API String ID: 0-3030954782
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: gfffffff
                                                                                                                                                                                                      • API String ID: 0-1523873471
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                      • String ID: TMP
                                                                                                                                                                                                      • API String ID: 3215553584-3125297090
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: HeapProcess
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 54951025-0
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3215553584-0
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7151AB77A3465281E7659B19C080639B7A2EB4CB58F744131CE4C8B795CB3AEF43C750
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.1799355307.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799335960.00007FF77C630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799386721.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C672000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799457501.00007FF77C674000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 8e69dfdcc94a0aa650623f7423aa354004c1f2fa01d5c1268249020d4c21f447
                                                                                                                                                                                                      • Instruction ID: c98ba9805a2bb65b5f68b7287f47c91d60fc533efee3d2fdf3f449093514480a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8e69dfdcc94a0aa650623f7423aa354004c1f2fa01d5c1268249020d4c21f447
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 00516573A3865185E7269B29C08022A73A3EB58B58F745131CE4D8B798CF3AEB43C750
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.1799355307.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799335960.00007FF77C630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799386721.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C672000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799457501.00007FF77C674000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 68a3f5aab59b2fac328bd6ba34d5b1cd1fa94c6914f84dc4a79da3b9d8ff9a98
                                                                                                                                                                                                      • Instruction ID: 109c7a02c1cc093d591ff92b119477efd8dcadedca8bf9e10929948890da3b4f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 68a3f5aab59b2fac328bd6ba34d5b1cd1fa94c6914f84dc4a79da3b9d8ff9a98
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5351A9B7A3465182E7259B29C08023A7762EB4CB58F744131CE4D9B7A4DF3AEB83C750
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.1799355307.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799335960.00007FF77C630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799386721.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C672000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799457501.00007FF77C674000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: e734bc54909bdf7d9c6fd1772be64da5dc64d4f5bf3044a39ac3ba7850561882
                                                                                                                                                                                                      • Instruction ID: 539079320b9b90d792da4d036f837c5c94d2178b0035c23a0a1f7ccc154282e2
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e734bc54909bdf7d9c6fd1772be64da5dc64d4f5bf3044a39ac3ba7850561882
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 02518537A3865185E7269B29C48022AB7A3EB58F58F744131CB4C9B794CF3AEF42C750
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.1799355307.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799335960.00007FF77C630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799386721.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C672000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799457501.00007FF77C674000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 3943df286285c50b07f09d339b53caaa0afa34ddfac4fad96d8a3f7ffd6ad23b
                                                                                                                                                                                                      • Instruction ID: 6aef64aa11d20ecd22a83e1d0a47f059378dca25583c6701ae0dc2fb2b111ca6
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3943df286285c50b07f09d339b53caaa0afa34ddfac4fad96d8a3f7ffd6ad23b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5F51A777B3865185E7269B28C08027EB7A2EB48B58F745131CE4D9B794CF3AEB42C750
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.1799355307.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799335960.00007FF77C630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799386721.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C672000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799457501.00007FF77C674000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: dc981bf603441a130e1c6ba5e96f77be0c3c60e19ec03e3d560a09712d731568
                                                                                                                                                                                                      • Instruction ID: da1a1fcb98959fddbfdfc192412c22cacc64cb40b5527f5fd930cd5de84b4749
                                                                                                                                                                                                      • Opcode Fuzzy Hash: dc981bf603441a130e1c6ba5e96f77be0c3c60e19ec03e3d560a09712d731568
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0A51A7B3B3465585E7269B29C48023977A2EB49B58FB44131CE4C9B794CB3AEB43C750
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.1799355307.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799335960.00007FF77C630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799386721.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C672000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799457501.00007FF77C674000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: dde3b7cfbcf26fc8d7513faefc9a59c4b8821272907dfbb35b6db6355186da00
                                                                                                                                                                                                      • Instruction ID: 7ab24bc8b9d2d3b3332900b6058d457a3311ad095b8e6a3bd11c34c607d7fe0a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: dde3b7cfbcf26fc8d7513faefc9a59c4b8821272907dfbb35b6db6355186da00
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E441EC7383DF4A84EB9359280440ABAF6829F267A0DD81270DD99DB7DADD0D2B47C122
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.1799355307.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799335960.00007FF77C630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799386721.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C672000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799457501.00007FF77C674000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 485612231-0
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,00007FF77C6364BF,?,00007FF77C63336E), ref: 00007FF77C635830
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00007FF77C6364BF,?,00007FF77C63336E), ref: 00007FF77C635842
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,00007FF77C6364BF,?,00007FF77C63336E), ref: 00007FF77C635879
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00007FF77C6364BF,?,00007FF77C63336E), ref: 00007FF77C63588B
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,00007FF77C6364BF,?,00007FF77C63336E), ref: 00007FF77C6358A4
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00007FF77C6364BF,?,00007FF77C63336E), ref: 00007FF77C6358B6
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,00007FF77C6364BF,?,00007FF77C63336E), ref: 00007FF77C6358CF
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00007FF77C6364BF,?,00007FF77C63336E), ref: 00007FF77C6358E1
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,00007FF77C6364BF,?,00007FF77C63336E), ref: 00007FF77C6358FD
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00007FF77C6364BF,?,00007FF77C63336E), ref: 00007FF77C63590F
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,00007FF77C6364BF,?,00007FF77C63336E), ref: 00007FF77C63592B
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00007FF77C6364BF,?,00007FF77C63336E), ref: 00007FF77C63593D
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,00007FF77C6364BF,?,00007FF77C63336E), ref: 00007FF77C635959
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00007FF77C6364BF,?,00007FF77C63336E), ref: 00007FF77C63596B
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,00007FF77C6364BF,?,00007FF77C63336E), ref: 00007FF77C635987
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00007FF77C6364BF,?,00007FF77C63336E), ref: 00007FF77C635999
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,00007FF77C6364BF,?,00007FF77C63336E), ref: 00007FF77C6359B5
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00007FF77C6364BF,?,00007FF77C63336E), ref: 00007FF77C6359C7
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AddressErrorLastProc
                                                                                                                                                                                                      • String ID: Failed to get address for %hs$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
                                                                                                                                                                                                      • API String ID: 199729137-653951865
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 00007FF77C639400: MultiByteToWideChar.KERNEL32(?,?,?,00007FF77C6345E4,00000000,00007FF77C631985), ref: 00007FF77C639439
                                                                                                                                                                                                      • ExpandEnvironmentStringsW.KERNEL32(?,00007FF77C6388A7,?,?,00000000,00007FF77C633CBB), ref: 00007FF77C63821C
                                                                                                                                                                                                        • Part of subcall function 00007FF77C632810: MessageBoxW.USER32 ref: 00007FF77C6328EA
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                                                                                                                                                                      • String ID: %.*s$CreateDirectory$LOADER: failed to convert runtime-tmpdir to a wide string.$LOADER: failed to create runtime-tmpdir path %ls!$LOADER: failed to expand environment variables in the runtime-tmpdir.$LOADER: failed to obtain the absolute path of the runtime-tmpdir.$LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!$\
                                                                                                                                                                                                      • API String ID: 1662231829-930877121
                                                                                                                                                                                                      • Opcode ID: e491f33a4545c5dc9e33b4da933e1c9d98f9a36929a11ac7b8a73595df86892f
                                                                                                                                                                                                      • Instruction ID: b4795c968364faee0818537591df4f752c2475f69d1f9ffb18c0df18257a8dfb
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e491f33a4545c5dc9e33b4da933e1c9d98f9a36929a11ac7b8a73595df86892f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 92517513B3C64241FB52BB61A9D16BBE253AF9C780FD44032DB0EC66D6EE2CE5058760
Memory Dump Source
• Source File: 00000000.00000002.1799355307.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
• Associated: 00000000.00000002.1799335960.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1799386721.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1799415121.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1799415121.00007FF77C672000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1799457501.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                                                                                                                                      • String ID: P%
                                                                                                                                                                                                      • API String ID: 2147705588-2959514604
                                                                                                                                                                                                      • Opcode ID: 044398bc2faddcfc72e28419b1c607044beef288ba0900b5e0371f537bcab75f
                                                                                                                                                                                                      • Instruction ID: be180701450347c49b5ca29539e970a7d9caaae2e24e4650ffb24c923fce21bf
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 044398bc2faddcfc72e28419b1c607044beef288ba0900b5e0371f537bcab75f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: AB51D5366287A186D7349F26B4581BBB7A2FB98B61F004121EFDE83695DF3CD045DB20
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: LongWindow$BlockCreateErrorLastReasonShutdown
                                                                                                                                                                                                      • String ID: Needs to remove its temporary files.
                                                                                                                                                                                                      • API String ID: 3975851968-2863640275
                                                                                                                                                                                                      • Opcode ID: 1b4b32be61da5f45784fe9fe2f7d724fb74bbaf2a32eb33803c40e4204126e7e
                                                                                                                                                                                                      • Instruction ID: c70121ada4e028e0be351826aa30a68c010c1f9b981b2844ad93ef5d9bcf0dff
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1b4b32be61da5f45784fe9fe2f7d724fb74bbaf2a32eb33803c40e4204126e7e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1F213523B38A4281E7566B79B89417BA252EFCCF90F984131DF2DC3394DE2CD5918321
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                      • String ID: -$:$f$p$p
                                                                                                                                                                                                      • API String ID: 3215553584-2013873522
                                                                                                                                                                                                      • Opcode ID: 75ce3dd5e90789a751ac91fed3db50e3550f512a2f4dec46f6fb30c565ad9a60
                                                                                                                                                                                                      • Instruction ID: 91926c82e6b76e1147182d4e737ab68119a92b102291a1875d959d8cbb4e90c1
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 75ce3dd5e90789a751ac91fed3db50e3550f512a2f4dec46f6fb30c565ad9a60
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 701283A3A3C15386FB267B14D1942BBB693FB48754FC44435E6898E6C4DB7CE7808B20
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                      • String ID: f$f$p$p$f
                                                                                                                                                                                                      • API String ID: 3215553584-1325933183
                                                                                                                                                                                                      • Opcode ID: efdc55b57c7b5823aa39a5abe82f144bbffe385c3037011f7a836833ec2ff017
                                                                                                                                                                                                      • Instruction ID: fac51973bd1196917c338ec96bc6720873c6b21acca37337ae2970885ffdf184
                                                                                                                                                                                                      • Opcode Fuzzy Hash: efdc55b57c7b5823aa39a5abe82f144bbffe385c3037011f7a836833ec2ff017
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4A1274A3E3C14785FB22BA15E09467BF663EB44754FE84035D699CA9C4DB7CE7808B20
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CurrentProcess
                                                                                                                                                                                                      • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                      • API String ID: 2050909247-3659356012
                                                                                                                                                                                                      • Opcode ID: 8ac83016c6d19718629361c98ce183280e134061d2f39cae6ebd349d7a60620e
                                                                                                                                                                                                      • Instruction ID: 3df8b116d815d9678d17537c549c6dcb0a4c7630eb520bb13e888315c66f08a2
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8ac83016c6d19718629361c98ce183280e134061d2f39cae6ebd349d7a60620e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 27416263B3855241EB12FB12A8815BBE396BF8DB84FD44431ED4C87795DE3CE2458760
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CurrentProcess
                                                                                                                                                                                                      • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                      • API String ID: 2050909247-3659356012
                                                                                                                                                                                                      • Opcode ID: 32ddf84ba07bcb3af5be6c29ad821ee78a82dc1a13238bf059d4699f4c578f7a
                                                                                                                                                                                                      • Instruction ID: f316fdd1e9b2d530c03798b782d712437283d0a0ad5b140fb5d90f127ad55efd
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 32ddf84ba07bcb3af5be6c29ad821ee78a82dc1a13238bf059d4699f4c578f7a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D04183A3B3854285EB02FB21A4815BBE392EF8C794FD44532EE4D87795DE3CE6418720
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.1799355307.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799335960.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799386721.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C672000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799457501.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                                      • String ID: csm$csm$csm
                                                                                                                                                                                                      • API String ID: 849930591-393685449
                                                                                                                                                                                                      • Opcode ID: b3973e9ed2b821368333a922871466498bda8290f9160b5e7eff6497ccad0325
                                                                                                                                                                                                      • Instruction ID: 59c1283f52e92d9e6681d8530fb94a9bdf7b45f029f3b5ed55d8dae20ab1e420
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b3973e9ed2b821368333a922871466498bda8290f9160b5e7eff6497ccad0325
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 13D1A177A3874186EB22EB25D4803AEB7A1FB48798F400135EE4D97B95DF38E451C720
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF77C633706,?,00007FF77C633804), ref: 00007FF77C632C9E
                                                                                                                                                                                                      • FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF77C633706,?,00007FF77C633804), ref: 00007FF77C632D63
                                                                                                                                                                                                      • MessageBoxW.USER32 ref: 00007FF77C632D99
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.1799355307.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799335960.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799386721.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C672000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799457501.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Message$CurrentFormatProcess
                                                                                                                                                                                                      • String ID: %ls: $<FormatMessageW failed.>$Error$[PYI-%d:ERROR]
                                                                                                                                                                                                      • API String ID: 3940978338-251083826
                                                                                                                                                                                                      • Opcode ID: 5cbcdbf458937bec5e084182eea0cc5ea1ed3b872b1d9e6a561cbd57b4752a27
                                                                                                                                                                                                      • Instruction ID: f5708d039780d66c9dc51e505d35a1713d04afc18e947e0aaf9092ff12246f05
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5cbcdbf458937bec5e084182eea0cc5ea1ed3b872b1d9e6a561cbd57b4752a27
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0E31B723728A4142E722BB15B8802ABA797BF8C798F800135EF4DD7759DE3CD546C710
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • LoadLibraryExW.KERNEL32(?,?,?,00007FF77C63DFEA,?,?,?,00007FF77C63DCDC,?,?,?,00007FF77C63D8D9), ref: 00007FF77C63DDBD
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,00007FF77C63DFEA,?,?,?,00007FF77C63DCDC,?,?,?,00007FF77C63D8D9), ref: 00007FF77C63DDCB
                                                                                                                                                                                                      • LoadLibraryExW.KERNEL32(?,?,?,00007FF77C63DFEA,?,?,?,00007FF77C63DCDC,?,?,?,00007FF77C63D8D9), ref: 00007FF77C63DDF5
                                                                                                                                                                                                      • FreeLibrary.KERNEL32(?,?,?,00007FF77C63DFEA,?,?,?,00007FF77C63DCDC,?,?,?,00007FF77C63D8D9), ref: 00007FF77C63DE63
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,?,?,00007FF77C63DFEA,?,?,?,00007FF77C63DCDC,?,?,?,00007FF77C63D8D9), ref: 00007FF77C63DE6F
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.1799355307.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799335960.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799386721.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C672000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799457501.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                      • String ID: api-ms-
                                                                                                                                                                                                      • API String ID: 2559590344-2084034818
                                                                                                                                                                                                      • Opcode ID: 7dacba43e0eeea41cb86842b35fa5572bc178a215ab50afad80fbb9160df823c
                                                                                                                                                                                                      • Instruction ID: 7c1395ff52bb0383653c103124299ef6361d0c6233014f41a5557aa0bc79997d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7dacba43e0eeea41cb86842b35fa5572bc178a215ab50afad80fbb9160df823c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: B0317022B3A64291EF13BB02A880576A795FF5CBA4F994535EE1D87384EF3CE4458324
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.1799355307.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799335960.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799386721.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C672000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799457501.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CurrentProcess
                                                                                                                                                                                                      • String ID: Failed to load Python DLL '%ls'.$LoadLibrary$Path of Python shared library (%s) and its name (%s) exceed buffer size (%d)$Path of ucrtbase.dll (%s) and its name exceed buffer size (%d)$Reported length (%d) of Python shared library name (%s) exceeds buffer size (%d)$ucrtbase.dll
                                                                                                                                                                                                      • API String ID: 2050909247-2434346643
                                                                                                                                                                                                      • Opcode ID: c6b32316bfe7a0aff6899d53276924ef6fe1744c5bc58fcca4aca07baf8add6e
                                                                                                                                                                                                      • Instruction ID: 326f31c9b6eccc8d91287921d9b1f57975db1fd3647c90b0526bfac092f4af95
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c6b32316bfe7a0aff6899d53276924ef6fe1744c5bc58fcca4aca07baf8add6e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C5412022B3868691EB12EB15E4941EBA322FF5C354FD04132EA5D83696EF3CE515C760
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetCurrentProcessId.KERNEL32(00000000,?,?,?,00000000,00007FF77C63351A,?,00000000,00007FF77C633F23), ref: 00007FF77C632AA0
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.1799355307.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799335960.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799386721.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C672000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799457501.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CurrentProcess
                                                                                                                                                                                                      • String ID: 0$WARNING$Warning$Warning [ANSI Fallback]$[PYI-%d:%s]
                                                                                                                                                                                                      • API String ID: 2050909247-2900015858
                                                                                                                                                                                                      • Opcode ID: 2c88a21be5af21f56a68c86fdca39687fee9058fd376c6caa55945c458c4d180
                                                                                                                                                                                                      • Instruction ID: 0c7eaf926f917a2dc6b1bdf557cbfa568e0ea31aca9bcd9739f1c98dfa5c6bc4
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2c88a21be5af21f56a68c86fdca39687fee9058fd376c6caa55945c458c4d180
                                                                                                                                                                                                      • Instruction Fuzzy Hash: BC217F73B38B8192E722EB51B8817E7A395BB88784F800132FE8C93659DF3CD2458650
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.1799355307.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799335960.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799386721.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C672000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799457501.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Value$ErrorLast
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2506987500-0
                                                                                                                                                                                                      • Opcode ID: a5225a2428ee1ea558fded41feed7619df648b57a5ff038aad9245715dd51944
                                                                                                                                                                                                      • Instruction ID: 10ad2220ca5c5e41b241893cb13ff3311d6c512e72b1bfdc0d6b04a16c043729
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a5225a2428ee1ea558fded41feed7619df648b57a5ff038aad9245715dd51944
                                                                                                                                                                                                      • Instruction Fuzzy Hash: AF213626A3C60241FB5A77A196E113FF1535F8CBA0F944634DD3E8AAD6DE2CA7018321
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.1799355307.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
• Associated: 00000000.00000002.1799335960.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1799386721.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1799415121.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1799415121.00007FF77C672000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1799457501.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                                      • String ID: CONOUT$
                                                                                                                                                                                                      • API String ID: 3230265001-3130406586
                                                                                                                                                                                                      • Opcode ID: 5493e4d9a44aaf731d1a805f3958d18bb0ed212be4b6a830fa2bcaabe5bc997c
                                                                                                                                                                                                      • Instruction ID: f73039f58a69863f39feb8ae68b61f6f28157fd86224e2d3a971d63c839ef94b
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5493e4d9a44aaf731d1a805f3958d18bb0ed212be4b6a830fa2bcaabe5bc997c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3A117222738B4186E351AB52B89433AB3A1BB8CBE4F900234DE5DC7794DF3CD9048750
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(?,?,?,00000000,00007FF77C639216), ref: 00007FF77C638592
                                                                                                                                                                                                      • K32EnumProcessModules.KERNEL32(?,?,00000000,00007FF77C639216), ref: 00007FF77C6385E9
                                                                                                                                                                                                        • Part of subcall function 00007FF77C639400: MultiByteToWideChar.KERNEL32(?,?,?,00007FF77C6345E4,00000000,00007FF77C631985), ref: 00007FF77C639439
                                                                                                                                                                                                      • K32GetModuleFileNameExW.KERNEL32(?,?,00000000,00007FF77C639216), ref: 00007FF77C638678
                                                                                                                                                                                                      • K32GetModuleFileNameExW.KERNEL32(?,?,00000000,00007FF77C639216), ref: 00007FF77C6386E4
                                                                                                                                                                                                      • FreeLibrary.KERNEL32(?,?,00000000,00007FF77C639216), ref: 00007FF77C6386F5
                                                                                                                                                                                                      • FreeLibrary.KERNEL32(?,?,00000000,00007FF77C639216), ref: 00007FF77C63870A
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.1799355307.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FileFreeLibraryModuleNameProcess$ByteCharCurrentEnumModulesMultiWide
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3462794448-0
                                                                                                                                                                                                      • Opcode ID: b52d66e3f6483ee012b3a88bb9869cc1030523c4b2827b1d8d4a1b21ae680e9c
                                                                                                                                                                                                      • Instruction ID: 28527531bd5f85a04fb5933b420b89bcca8cf4e0eab7c35c7a94e4ab62da60cb
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b52d66e3f6483ee012b3a88bb9869cc1030523c4b2827b1d8d4a1b21ae680e9c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: FB419363B3868241EB71AB11A5846ABA3A6FF8CBD4F840136DF4D97785DE3CD501C720
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,00007FF77C644F81,?,?,?,?,00007FF77C64A4FA,?,?,?,?,00007FF77C6471FF), ref: 00007FF77C64B347
                                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF77C644F81,?,?,?,?,00007FF77C64A4FA,?,?,?,?,00007FF77C6471FF), ref: 00007FF77C64B37D
                                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF77C644F81,?,?,?,?,00007FF77C64A4FA,?,?,?,?,00007FF77C6471FF), ref: 00007FF77C64B3AA
                                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF77C644F81,?,?,?,?,00007FF77C64A4FA,?,?,?,?,00007FF77C6471FF), ref: 00007FF77C64B3BB
                                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF77C644F81,?,?,?,?,00007FF77C64A4FA,?,?,?,?,00007FF77C6471FF), ref: 00007FF77C64B3CC
                                                                                                                                                                                                      • SetLastError.KERNEL32(?,?,?,00007FF77C644F81,?,?,?,?,00007FF77C64A4FA,?,?,?,?,00007FF77C6471FF), ref: 00007FF77C64B3E7
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.1799355307.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Value$ErrorLast
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2506987500-0
                                                                                                                                                                                                      • Opcode ID: f3ef772190a77067448dcdc891e93f0fce571c39ad65bd9bbfe034f894ce387b
                                                                                                                                                                                                      • Instruction ID: 4a48cffebe2a61792af35a5b47116c16b9f54490f83de3da2488f702f71ec4a4
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f3ef772190a77067448dcdc891e93f0fce571c39ad65bd9bbfe034f894ce387b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5011F826A3CA4282F757776296D113BF1535F8C7A0B944634DA2ECA6D6DE2CA6018321
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF77C631B6A), ref: 00007FF77C63295E
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.1799355307.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CurrentProcess
                                                                                                                                                                                                      • String ID: %s: %s$Error$Error [ANSI Fallback]$[PYI-%d:ERROR]
                                                                                                                                                                                                      • API String ID: 2050909247-2962405886
                                                                                                                                                                                                      • Opcode ID: 9e805cce3db004805378da731f60641a61a9f8723a57293993104ba7ce00817f
                                                                                                                                                                                                      • Instruction ID: 105a4c1febf8c39f9db4202fafb4e3b4aec72b4930ae7482d285028f2be29461
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9e805cce3db004805378da731f60641a61a9f8723a57293993104ba7ce00817f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6031A463B3868152E711A761B8816E7A296BF8C7D4F804132EE8DD3759EF3CD6468610
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.1799355307.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                                                                                                                                                                      • String ID: Unhandled exception in script
                                                                                                                                                                                                      • API String ID: 3081866767-2699770090
                                                                                                                                                                                                      • Opcode ID: 39c06ba8bf9b0b274a05e8f7e17acb9149a8f0f807fdaf6a00a55f32f6777a83
                                                                                                                                                                                                      • Instruction ID: 155bd523d157080d4b4985a794b797d2d676d0096d09bd0851a4e3d1e9af62d7
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 39c06ba8bf9b0b274a05e8f7e17acb9149a8f0f807fdaf6a00a55f32f6777a83
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C8313273A3968189EB21AB21F8951FAA351FF8C784F940135EA4D8BA5ADF3CD105C710
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetCurrentProcessId.KERNEL32(?,00000000,00000000,FFFFFFFF,00000000,00007FF77C63918F,?,00007FF77C633C55), ref: 00007FF77C632BA0
                                                                                                                                                                                                      • MessageBoxW.USER32 ref: 00007FF77C632C2A
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.1799355307.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CurrentMessageProcess
                                                                                                                                                                                                      • String ID: WARNING$Warning$[PYI-%d:%ls]
                                                                                                                                                                                                      • API String ID: 1672936522-3797743490
                                                                                                                                                                                                      • Opcode ID: 9e6d9589c2ecbe46adae8e106eadd318faf54c8367477cb0129d25f7ec3a12f1
                                                                                                                                                                                                      • Instruction ID: 711aac08c0f227ce4375ae82fe57499654687c397f11fe70bf9d22112f3eba4f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9e6d9589c2ecbe46adae8e106eadd318faf54c8367477cb0129d25f7ec3a12f1
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1921D373728B4192E712AB14F4807ABB3A5EB8C784F804132EE8D97659DF3CD205C710
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetCurrentProcessId.KERNEL32(?,00000000,00000000,?,00000000,00007FF77C631B99), ref: 00007FF77C632760
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.1799355307.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799335960.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799386721.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C672000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799457501.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CurrentProcess
                                                                                                                                                                                                      • String ID: ERROR$Error$Error [ANSI Fallback]$[PYI-%d:%s]
                                                                                                                                                                                                      • API String ID: 2050909247-1591803126
                                                                                                                                                                                                      • Opcode ID: 16defea7d45dc340f891dcb1518e5bd63c50e449678e4b46de0281de23a8290b
                                                                                                                                                                                                      • Instruction ID: 8e80d50c27a1b9f8f1a4797e9bf0ce19e3fa21fd2c4b938532dde35ea3163f2a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 16defea7d45dc340f891dcb1518e5bd63c50e449678e4b46de0281de23a8290b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 17217F73B38B8192E721EB50B8817E7A3A5AB8C384F800132FE8D93659DF3CD2458750
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.1799355307.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799335960.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799386721.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C672000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799457501.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                      • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                      • API String ID: 4061214504-1276376045
                                                                                                                                                                                                      • Opcode ID: 644f40749f2397ccfee8900b191f86882f652c7814ccefc594fcc00cef1e1075
                                                                                                                                                                                                      • Instruction ID: 9ced3c645f015e697a5780e9d48ce8881e89055408235c85ab89a4174471f434
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 644f40749f2397ccfee8900b191f86882f652c7814ccefc594fcc00cef1e1075
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 75F0C822B3870681EB11AB10E4C473BA322AF8C765F940235CA6DC61F4DF2CD144C760
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.1799355307.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799335960.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799386721.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C672000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799457501.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _set_statfp
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1156100317-0
                                                                                                                                                                                                      • Opcode ID: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
                                                                                                                                                                                                      • Instruction ID: c1bccfd014470de4f93a445bf6febcdfd3de8bd4f414ac617918c4f9659566c7
                                                                                                                                                                                                      • Opcode Fuzzy Hash: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A711BF63F3CA1301FB663124F5D6377A0476F5C360EA40634EB6EC62D6AE2CAC438120
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • FlsGetValue.KERNEL32(?,?,?,00007FF77C64A613,?,?,00000000,00007FF77C64A8AE,?,?,?,?,?,00007FF77C64A83A), ref: 00007FF77C64B41F
                                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF77C64A613,?,?,00000000,00007FF77C64A8AE,?,?,?,?,?,00007FF77C64A83A), ref: 00007FF77C64B43E
                                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF77C64A613,?,?,00000000,00007FF77C64A8AE,?,?,?,?,?,00007FF77C64A83A), ref: 00007FF77C64B466
                                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF77C64A613,?,?,00000000,00007FF77C64A8AE,?,?,?,?,?,00007FF77C64A83A), ref: 00007FF77C64B477
                                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF77C64A613,?,?,00000000,00007FF77C64A8AE,?,?,?,?,?,00007FF77C64A83A), ref: 00007FF77C64B488
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.1799355307.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799335960.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799386721.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C672000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799457501.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Value
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3702945584-0
                                                                                                                                                                                                      • Opcode ID: e370891a427e995cf622d6c66c6ae617f18e5219a23357883517039299fedc16
                                                                                                                                                                                                      • Instruction ID: c5bef97d19db0611c37f6753456b20e2e42877948ced5a7867b92fcfcbd1940a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e370891a427e995cf622d6c66c6ae617f18e5219a23357883517039299fedc16
                                                                                                                                                                                                      • Instruction Fuzzy Hash: FD114D36A38A0241FB5AB36595D117BF1535F8C7B0F848334D82DCA6DADE2CE7028721
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.1799355307.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799335960.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799386721.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C672000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799457501.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Value
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3702945584-0
                                                                                                                                                                                                      • Opcode ID: e449caa10890978289f0fc2f631dee428fb70040431ae2bf3103bb36de88fb08
                                                                                                                                                                                                      • Instruction ID: edbe6294b333b6ed2f12b73631b5c1f2b24e4e87b45380b3f23166e9f87ceedd
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e449caa10890978289f0fc2f631dee428fb70040431ae2bf3103bb36de88fb08
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9211D226A3860641FB5A73A284A117BB1534F8D720F885734D92E8E2C2DD2CA7025222
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.1799355307.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799335960.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799386721.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C672000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799457501.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                      • String ID: verbose
                                                                                                                                                                                                      • API String ID: 3215553584-579935070
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                      • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                                                                      • API String ID: 3215553584-1196891531
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                                                                                      • String ID: csm
                                                                                                                                                                                                      • API String ID: 2395640692-1018135373
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CallEncodePointerTranslator
                                                                                                                                                                                                      • String ID: MOC$RCC
                                                                                                                                                                                                      • API String ID: 3544855599-2084237596
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                                                                                      • String ID: csm$csm
                                                                                                                                                                                                      • API String ID: 3896166516-3733052814
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Message
                                                                                                                                                                                                      • String ID: ERROR$Error$[PYI-%d:%ls]
                                                                                                                                                                                                      • API String ID: 2030045667-255084403
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2718003287-0
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.1799355307.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799335960.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799386721.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C672000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799457501.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: LongWindow$DialogInvalidateRect
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1956198572-0
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.1799355307.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799335960.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799386721.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C672000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799457501.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                                                      • String ID: ?
                                                                                                                                                                                                      • API String ID: 1286766494-1684325040
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _invalid_parameter_noinfo.LIBCMT ref: 00007FF77C6490B6
                                                                                                                                                                                                        • Part of subcall function 00007FF77C64A9B8: RtlFreeHeap.NTDLL(?,?,?,00007FF77C652D92,?,?,?,00007FF77C652DCF,?,?,00000000,00007FF77C653295,?,?,?,00007FF77C6531C7), ref: 00007FF77C64A9CE
                                                                                                                                                                                                        • Part of subcall function 00007FF77C64A9B8: GetLastError.KERNEL32(?,?,?,00007FF77C652D92,?,?,?,00007FF77C652DCF,?,?,00000000,00007FF77C653295,?,?,?,00007FF77C6531C7), ref: 00007FF77C64A9D8
                                                                                                                                                                                                      • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF77C63CC15), ref: 00007FF77C6490D4
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.1799355307.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799335960.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799386721.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C672000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799457501.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                                                                                                                                                      • String ID: C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                      • API String ID: 3580290477-2746711996
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.1799355307.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799335960.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799386721.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C672000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799457501.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ErrorFileLastWrite
                                                                                                                                                                                                      • String ID: U
                                                                                                                                                                                                      • API String ID: 442123175-4171548499
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.1799355307.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799335960.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799386721.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C672000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799457501.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CurrentDirectory
                                                                                                                                                                                                      • String ID: :
                                                                                                                                                                                                      • API String ID: 1611563598-336475711
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.1799355307.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799335960.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799386721.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C672000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799457501.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                      • String ID: csm
                                                                                                                                                                                                      • API String ID: 2573137834-1018135373
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.1799355307.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799335960.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799386721.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799415121.00007FF77C672000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.1799457501.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: DriveType_invalid_parameter_noinfo
                                                                                                                                                                                                      • String ID: :
                                                                                                                                                                                                      • API String ID: 2595371189-336475711
                                                                                                                                                                                                      • Opcode ID: 12447209ac998d916ea5af24bee96286b8310982615a7f3bb8f9e7bff02e83a7
                                                                                                                                                                                                      • Instruction ID: c656d7984cd14de5c632a01b0ede08d5dc3cad7d8b4d8280c2711c614798db73
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 12447209ac998d916ea5af24bee96286b8310982615a7f3bb8f9e7bff02e83a7
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 33012523A3C60385F772BF60A4A627FB6A1EF4C748FD40435D64DC6691EE3CE5448A24

                                                                                                                                                                                                      Execution Graph

                                                                                                                                                                                                      Execution Coverage:1.5%
                                                                                                                                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                      Signature Coverage:0.3%
                                                                                                                                                                                                      Total number of Nodes:633
                                                                                                                                                                                                      Total number of Limit Nodes:7
7ff77c633207 67501->67504 67513 7ff77c633037 __std_exception_destroy 67501->67513 67520 7ff77c632710 54 API calls _log10_special 67502->67520 67505 7ff77c633273 67504->67505 67516 7ff77c64a474 37 API calls 2 library calls 67504->67516 67507 7ff77c63329e 67505->67507 67508 7ff77c633290 67505->67508 67518 7ff77c632dd0 37 API calls 67507->67518 67517 7ff77c64a474 37 API calls 2 library calls 67508->67517 67511 7ff77c63329c 67519 7ff77c632500 54 API calls __std_exception_destroy 67511->67519 67513->67492 67514->67513 67515->67513 67516->67505 67517->67511 67518->67511 67519->67513 67520->67513 67521->67513 67522->67513

Control-flow Graph

[Control-flow graph 0, starting at 7ff77c631000. Legend: Executed / Not Executed. Node and edge listing omitted.]
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1786050425.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
• Associated: 00000001.00000002.1785941435.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1786082771.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1786109346.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1786109346.00007FF77C671000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1786251212.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ErrorFileLastModuleName
                                                                                                                                                                                                      • String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to load splash screen resources!$Failed to remove temporary directory: %s$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$Invalid value in _PYI_PARENT_PROCESS_LEVEL: %s$MEI$PYINSTALLER_RESET_ENVIRONMENT$PYINSTALLER_STRICT_UNPACK_MODE$PYINSTALLER_SUPPRESS_SPLASH_SCREEN$Path exceeds PYI_PATH_MAX limit.$Py_GIL_DISABLED$VCRUNTIME140.dll$_PYI_APPLICATION_HOME_DIR$_PYI_APPLICATION_HOME_DIR not set for onefile child process!$_PYI_ARCHIVE_FILE$_PYI_PARENT_PROCESS_LEVEL$_PYI_SPLASH_IPC$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-python-flag$pyi-runtime-tmpdir
                                                                                                                                                                                                      • API String ID: 2776309574-4232158417
                                                                                                                                                                                                      • Opcode ID: c4287787c746abb56e9331fa3c8956d7c4ae80ab217cba986f551fa52fb8bac5
                                                                                                                                                                                                      • Instruction ID: 9114c02e35f4c945f3e564d6bb4ac957497460a2e6caa7a6b363cd5af0fa4c48
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c4287787c746abb56e9331fa3c8956d7c4ae80ab217cba986f551fa52fb8bac5
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E1325E23A3C68251EB17BB2194D52BBA693AF9C740FC44036DA5DC72D6EF2CE556C320

Control-flow Graph

[Control-flow graph 465, starting at 7ff77c6569d4. Legend: Executed / Not Executed. Node and edge listing omitted.]
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1786050425.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
• Associated: 00000001.00000002.1785941435.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1786082771.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1786109346.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1786109346.00007FF77C671000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1786251212.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1617910340-0
                                                                                                                                                                                                      • Opcode ID: 4205a6958293653b93a25a06bf68436f7b6b11ca03fe036e6858b65a4e3d069e
                                                                                                                                                                                                      • Instruction ID: 6e974f1467f80e3e32f6f854cc6697c8b9e4dcbf63594fe474f39d4998d22fe0
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4205a6958293653b93a25a06bf68436f7b6b11ca03fe036e6858b65a4e3d069e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8CC1DF37B38A4185EB51EF64D4812AE7762EB88B98B914225DF2E9B394CF38D151C310
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1786050425.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
• Associated: 00000001.00000002.1785941435.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1786082771.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1786109346.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1786109346.00007FF77C671000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1786251212.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Find$CloseFileFirst
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2295610775-0
                                                                                                                                                                                                      • Opcode ID: f8f1f0d53470ef13f354418d29ecb311e48373b0acb6529cbcbe83ca601eafdf
                                                                                                                                                                                                      • Instruction ID: 2ee977b4d359e8598270d5b5f578115adeef70896603c7c67b083c718fa6027b
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f8f1f0d53470ef13f354418d29ecb311e48373b0acb6529cbcbe83ca601eafdf
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D9F0C863A38741C6F7B19B60B4C8777B351AB8C328F880335DAAD466D4DF3CD0588A10
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1787290190.00007FFDFAC11000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAC10000, based on PE: true
• Associated: 00000001.00000002.1787270770.00007FFDFAC10000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000001.00000002.1787400841.00007FFDFAD3E000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000001.00000002.1787438247.00007FFDFAD6B000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000001.00000002.1787459973.00007FFDFAD70000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfac10000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: InfoSystem
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 31276548-0
                                                                                                                                                                                                      • Opcode ID: b0054afb10e4f66619171edf603becae74e7afe6d3d72f3cb96377bce576b712
                                                                                                                                                                                                      • Instruction ID: f890f8d547d6e6f0a21cac0c4219e8c852f9672c751d88292213934fe50201af
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b0054afb10e4f66619171edf603becae74e7afe6d3d72f3cb96377bce576b712
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 00A1D968B0EB4786EF5C8B45A874B3823E0FF54B44F5905B6CD6D077E8EF6CA9558200

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 00007FF77C637F80: _fread_nolock.LIBCMT ref: 00007FF77C63802A
                                                                                                                                                                                                      • _fread_nolock.LIBCMT ref: 00007FF77C631A1B
                                                                                                                                                                                                        • Part of subcall function 00007FF77C632910: GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF77C631B6A), ref: 00007FF77C63295E
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1786050425.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
• Associated: 00000001.00000002.1785941435.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1786082771.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1786109346.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1786109346.00007FF77C671000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1786251212.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _fread_nolock$CurrentProcess
                                                                                                                                                                                                      • String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
                                                                                                                                                                                                      • API String ID: 2397952137-3497178890
                                                                                                                                                                                                      • Opcode ID: 2905f55c1a3c8d4e6aa49aeeb86a9490fcb65926af6803c34ddd16b54d0a65e3
                                                                                                                                                                                                      • Instruction ID: 35c52bdfd9152fee9e3d00afc52d1cfae8b5c8307c3428e46191c0d58e939bc0
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2905f55c1a3c8d4e6aa49aeeb86a9490fcb65926af6803c34ddd16b54d0a65e3
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 098182B3A3C68685E752BB14E4812BBA3A2EF8C744FD04431DA8DC7795DE3CE6458760

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1786050425.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
• Associated: 00000001.00000002.1785941435.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1786082771.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1786109346.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1786109346.00007FF77C671000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1786251212.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CurrentProcess
                                                                                                                                                                                                      • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                      • API String ID: 2050909247-3659356012
                                                                                                                                                                                                      • Opcode ID: c3132dac9269c38c9a1bc21902639ef7b90e150b6d1cafd95d12fa158ba3d24b
                                                                                                                                                                                                      • Instruction ID: f316fdd1e9b2d530c03798b782d712437283d0a0ad5b140fb5d90f127ad55efd
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c3132dac9269c38c9a1bc21902639ef7b90e150b6d1cafd95d12fa158ba3d24b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D04183A3B3854285EB02FB21A4815BBE392EF8C794FD44532EE4D87795DE3CE6418720

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1786050425.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
• Associated: 00000001.00000002.1785941435.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1786082771.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1786109346.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1786109346.00007FF77C671000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1786251212.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CurrentProcess
                                                                                                                                                                                                      • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                                      • API String ID: 2050909247-2813020118
                                                                                                                                                                                                      • Opcode ID: c071fae04400aaba9d8a24e5b62ce610f1ca997db65dc53a1f24edd26e5d05d7
                                                                                                                                                                                                      • Instruction ID: 449d78a6db43a6b6a4126bdaed83cf8eacd26779eeb93c9f080bc59d0a17e770
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c071fae04400aaba9d8a24e5b62ce610f1ca997db65dc53a1f24edd26e5d05d7
                                                                                                                                                                                                      • Instruction Fuzzy Hash: EE51B563A3864245E762BB11A4903BBE292BF89794FD44135EE4E877C6DE3CE6418720

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetModuleFileNameW.KERNEL32(?,00007FF77C633804), ref: 00007FF77C6336E1
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00007FF77C633804), ref: 00007FF77C6336EB
                                                                                                                                                                                                        • Part of subcall function 00007FF77C632C50: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF77C633706,?,00007FF77C633804), ref: 00007FF77C632C9E
                                                                                                                                                                                                        • Part of subcall function 00007FF77C632C50: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF77C633706,?,00007FF77C633804), ref: 00007FF77C632D63
                                                                                                                                                                                                        • Part of subcall function 00007FF77C632C50: MessageBoxW.USER32 ref: 00007FF77C632D99
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1786050425.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
• Associated: 00000001.00000002.1785941435.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1786082771.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1786109346.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1786109346.00007FF77C671000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1786251212.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Message$CurrentErrorFileFormatLastModuleNameProcess
                                                                                                                                                                                                      • String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
                                                                                                                                                                                                      • API String ID: 3187769757-2863816727
                                                                                                                                                                                                      • Opcode ID: 6d8fde842cedad8fbf80b9c4aa3ce336361ac9392ce2c79ae57a11131fda94fc
                                                                                                                                                                                                      • Instruction ID: 06af7d9a094265e26c22c70e98f3d0bffe1b72df2d7041147b00421daf22a886
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6d8fde842cedad8fbf80b9c4aa3ce336361ac9392ce2c79ae57a11131fda94fc
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 90217463B3C54291FB22B721E8943B7A262BF9C394FD04132EA5DC66D5EE2CE505C724

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1786050425.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.1785941435.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1786082771.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1786109346.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1786109346.00007FF77C671000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1786251212.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3215553584-0
                                                                                                                                                                                                      • Opcode ID: ba46bac31fe72f1dd681b3566344db0dd8f54c3f22ac6e326a6392c95ac81308
                                                                                                                                                                                                      • Instruction ID: 72343e9ac82cd5047bbc8b378b984324359da8c0ad43e2cdb456e8fcb7a1e565
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ba46bac31fe72f1dd681b3566344db0dd8f54c3f22ac6e326a6392c95ac81308
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C6C1D52393CA8691E7526B55D0806BFB792EBC9B80FD54131EE4D8B791CE7CE7458320

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CurrentProcess
                                                                                                                                                                                                      • String ID: Failed to load Python DLL '%ls'.$LoadLibrary$Path of Python shared library (%s) and its name (%s) exceed buffer size (%d)$Path of ucrtbase.dll (%s) and its name exceed buffer size (%d)$Reported length (%d) of Python shared library name (%s) exceeds buffer size (%d)$ucrtbase.dll
                                                                                                                                                                                                      • API String ID: 2050909247-2434346643
                                                                                                                                                                                                      • Opcode ID: 113c6b1de756f4b5b5eb6aeb9c43a8ac160651dc44d73755d1f433b83002bd4c
                                                                                                                                                                                                      • Instruction ID: 326f31c9b6eccc8d91287921d9b1f57975db1fd3647c90b0526bfac092f4af95
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 113c6b1de756f4b5b5eb6aeb9c43a8ac160651dc44d73755d1f433b83002bd4c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C5412022B3868691EB12EB15E4941EBA322FF5C354FD04132EA5D83696EF3CE515C760

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1279662727-0
                                                                                                                                                                                                      • Opcode ID: bf36874ab91a00f02a28b4fbd79205fddfb0159c1c162080bddd18248f81d06a
                                                                                                                                                                                                      • Instruction ID: 6b2031f2022a60333ae8fa073d7710fa471f9d5118068ebb59b7a18e2bb2e1c5
                                                                                                                                                                                                      • Opcode Fuzzy Hash: bf36874ab91a00f02a28b4fbd79205fddfb0159c1c162080bddd18248f81d06a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C641B433D38B8183E351EB20959037AB261FB98764F509334EA5C47AD6DF6CA7E08720

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3251591375-0
                                                                                                                                                                                                      • Opcode ID: bd18f10481fc1cc14ce46c2a249e6ab71ba61d2437927de899b0ff225cfe2228
                                                                                                                                                                                                      • Instruction ID: 3c75460419d0a6bd819aa20e2bffc3bbfbe21fee87ce08a626a3ed1afae0dc49
                                                                                                                                                                                                      • Opcode Fuzzy Hash: bd18f10481fc1cc14ce46c2a249e6ab71ba61d2437927de899b0ff225cfe2228
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C1313823E7851255FB27BB2498913BBA683AF49384FD44534FA0DCB2D7DE2CA505C270

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3215553584-0
                                                                                                                                                                                                      • Opcode ID: 2fd4b9cf4e2c203a215f80a0453bc9b94d2a0e119ef729a2f51343e3c0f92604
                                                                                                                                                                                                      • Instruction ID: 35161f00ceea5db8d4f734909a7fbe4a85e0f33642812b5ab0d2d79bb5a6cf21
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2fd4b9cf4e2c203a215f80a0453bc9b94d2a0e119ef729a2f51343e3c0f92604
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7F512B2373D26286E727BA65948067BB583AF4CBA4F944230DE6D8B7C5CF3CD7018620

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ErrorFileLastPointer
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2976181284-0
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • RtlFreeHeap.NTDLL(?,?,?,00007FF77C652D92,?,?,?,00007FF77C652DCF,?,?,00000000,00007FF77C653295,?,?,?,00007FF77C6531C7), ref: 00007FF77C64A9CE
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,00007FF77C652D92,?,?,?,00007FF77C652DCF,?,?,00000000,00007FF77C653295,?,?,?,00007FF77C6531C7), ref: 00007FF77C64A9D8
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1786050425.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 485612231-0
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,00007FF77C64AA45,?,?,00000000,00007FF77C64AAFA), ref: 00007FF77C64AC36
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,00007FF77C64AA45,?,?,00000000,00007FF77C64AAFA), ref: 00007FF77C64AC40
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1786050425.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CloseErrorHandleLast
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 918212764-0
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1786050425.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3215553584-0
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1786050425.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _fread_nolock
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 840049012-0
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1786050425.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3215553584-0
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1786050425.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3215553584-0
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1786050425.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3215553584-0
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1786050425.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3215553584-0
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 00007FF77C639400: MultiByteToWideChar.KERNEL32(?,?,?,00007FF77C6345E4,00000000,00007FF77C631985), ref: 00007FF77C639439
                                                                                                                                                                                                      • LoadLibraryExW.KERNEL32(?,00007FF77C636466,?,00007FF77C63336E), ref: 00007FF77C639092
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1786050425.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ByteCharLibraryLoadMultiWide
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2592636585-0
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • HeapAlloc.KERNEL32(?,?,00000000,00007FF77C64B39A,?,?,?,00007FF77C644F81,?,?,?,?,00007FF77C64A4FA), ref: 00007FF77C64EC5D
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1786050425.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AllocHeap
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 4292702814-0
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • HeapAlloc.KERNEL32(?,?,?,00007FF77C640D00,?,?,?,00007FF77C64236A,?,?,?,?,?,00007FF77C643B59), ref: 00007FF77C64D6AA
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1786050425.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AllocHeap
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 4292702814-0
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffe013b0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: R_new$M_locate_const$M_get_intO_freeO_strdupR_set_debug$M_get_uintR_set_error$O_mallocO_reallocR_pop_to_markR_set_markT_freememset
                                                                                                                                                                                                      • String ID: ..\s\ssl\t1_lib.c$add_provider_groups$tls-group-alg$tls-group-id$tls-group-is-kem$tls-group-name$tls-group-name-internal$tls-group-sec-bits$tls-max-dtls$tls-max-tls$tls-min-dtls$tls-min-tls
                                                                                                                                                                                                      • API String ID: 1308757171-3546839243
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • ERR_new.LIBCRYPTO-3(?,?,?,?,?,?,?,00007FFE013DB047), ref: 00007FFE013DBDE5
                                                                                                                                                                                                      • ERR_set_debug.LIBCRYPTO-3(?,?,?,?,?,?,?,00007FFE013DB047), ref: 00007FFE013DBDFD
                                                                                                                                                                                                      • ERR_set_error.LIBCRYPTO-3(?,?,?,?,?,?,?,00007FFE013DB047), ref: 00007FFE013DBE0B
                                                                                                                                                                                                      • OPENSSL_sk_num.LIBCRYPTO-3(?,?,?,?,?,?,?,00007FFE013DB047), ref: 00007FFE013DBE2B
                                                                                                                                                                                                      • OPENSSL_sk_value.LIBCRYPTO-3(?,?,?,?,?,?,?,00007FFE013DB047), ref: 00007FFE013DBE39
                                                                                                                                                                                                      • OPENSSL_sk_num.LIBCRYPTO-3(?,?,?,?,?,?,?,00007FFE013DB047), ref: 00007FFE013DBE65
                                                                                                                                                                                                      • X509_get_pubkey.LIBCRYPTO-3(?,?,?,?,?,?,?,00007FFE013DB047), ref: 00007FFE013DBE79
                                                                                                                                                                                                      • ERR_new.LIBCRYPTO-3(?,?,?,?,?,?,?,00007FFE013DB047), ref: 00007FFE013DBEAF
                                                                                                                                                                                                      • ERR_set_debug.LIBCRYPTO-3(?,?,?,?,?,?,?,00007FFE013DB047), ref: 00007FFE013DBEC7
                                                                                                                                                                                                      • ERR_set_error.LIBCRYPTO-3(?,?,?,?,?,?,?,00007FFE013DB047), ref: 00007FFE013DBED8
                                                                                                                                                                                                      • ERR_new.LIBCRYPTO-3(?,?,?,?,?,?,?,00007FFE013DB047), ref: 00007FFE013DBEE2
                                                                                                                                                                                                      • ERR_set_debug.LIBCRYPTO-3(?,?,?,?,?,?,?,00007FFE013DB047), ref: 00007FFE013DBEFA
                                                                                                                                                                                                      • ERR_set_error.LIBCRYPTO-3(?,?,?,?,?,?,?,00007FFE013DB047), ref: 00007FFE013DBF09
                                                                                                                                                                                                      • EVP_PKEY_missing_parameters.LIBCRYPTO-3(?,?,?,?,?,?,?,00007FFE013DB047), ref: 00007FFE013DBF16
                                                                                                                                                                                                      • EVP_PKEY_missing_parameters.LIBCRYPTO-3(?,?,?,?,?,?,?,00007FFE013DB047), ref: 00007FFE013DBF22
                                                                                                                                                                                                      • ERR_new.LIBCRYPTO-3(?,?,?,?,?,?,?,00007FFE013DB047), ref: 00007FFE013DBF2B
                                                                                                                                                                                                      • ERR_set_debug.LIBCRYPTO-3(?,?,?,?,?,?,?,00007FFE013DB047), ref: 00007FFE013DBF43
                                                                                                                                                                                                      • ERR_set_error.LIBCRYPTO-3(?,?,?,?,?,?,?,00007FFE013DB047), ref: 00007FFE013DBF54
                                                                                                                                                                                                      • EVP_PKEY_copy_parameters.LIBCRYPTO-3(?,?,?,?,?,?,?,00007FFE013DB047), ref: 00007FFE013DBF64
                                                                                                                                                                                                      • ERR_new.LIBCRYPTO-3(?,?,?,?,?,?,?,00007FFE013DB047), ref: 00007FFE013DBF6D
                                                                                                                                                                                                      • ERR_set_debug.LIBCRYPTO-3(?,?,?,?,?,?,?,00007FFE013DB047), ref: 00007FFE013DBF85
                                                                                                                                                                                                      • ERR_set_error.LIBCRYPTO-3(?,?,?,?,?,?,?,00007FFE013DB047), ref: 00007FFE013DBF96
                                                                                                                                                                                                      • ERR_new.LIBCRYPTO-3(?,?,?,?,?,?,?,00007FFE013DB047), ref: 00007FFE013DBFFF
                                                                                                                                                                                                      • ERR_set_debug.LIBCRYPTO-3(?,?,?,?,?,?,?,00007FFE013DB047), ref: 00007FFE013DC017
                                                                                                                                                                                                      • ERR_set_error.LIBCRYPTO-3(?,?,?,?,?,?,?,00007FFE013DB047), ref: 00007FFE013DC028
                                                                                                                                                                                                      • EVP_PKEY_free.LIBCRYPTO-3(?,?,?,?,?,?,?,00007FFE013DB047), ref: 00007FFE013DC198
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791490726.00007FFE013B0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791517135.00007FFE01433000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791623570.00007FFE01435000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791687277.00007FFE0145D000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791713879.00007FFE01462000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791713879.00007FFE01468000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791713879.00007FFE01470000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffe013b0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: R_newR_set_debugR_set_error$L_sk_numY_missing_parameters$L_sk_valueX509_get_pubkeyY_copy_parametersY_free
                                                                                                                                                                                                      • String ID: ..\s\ssl\ssl_rsa.c$ssl_set_cert_and_key
                                                                                                                                                                                                      • API String ID: 1144767644-2212061476
                                                                                                                                                                                                      • Opcode ID: e58b86f3c5db015dd80eb7b45485d5ae40c5736b81e19134fb3d4453b5fcbb15
                                                                                                                                                                                                      • Instruction ID: 236fe0cd2c70f93de176b5c0084a41c75fe6a7d31554309a355924fcab3d0f37
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e58b86f3c5db015dd80eb7b45485d5ae40c5736b81e19134fb3d4453b5fcbb15
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2BB18331A1855292EB50EB21E8916FD5351FF95B84F910132E94E4BBF6DF3CE546C302
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1786050425.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.1785941435.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1786082771.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1786109346.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1786109346.00007FF77C671000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1786251212.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Message$ErrorLast$ObjectProcessSingleWait$CloseCreateHandlePeekWindow_invalid_parameter_noinfo$ByteCharClassCodeCommandConsoleCtrlCurrentDestroyDispatchExitFormatHandlerInfoLineMultiRegisterStartupTerminateTranslateWide
                                                                                                                                                                                                      • String ID: CreateProcessW$Failed to create child process!$PyInstaller Onefile Hidden Window$PyInstallerOnefileHiddenWindow
                                                                                                                                                                                                      • API String ID: 3832162212-3165540532
                                                                                                                                                                                                      • Opcode ID: f1b4a1f9842ac9cce6b2798ee34386867a7882a0850fd65476f94626d3f01840
                                                                                                                                                                                                      • Instruction ID: 421c7c3c72bc51a63a2a49f968326013d82f4217dc18b445872b84f441ee1f53
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f1b4a1f9842ac9cce6b2798ee34386867a7882a0850fd65476f94626d3f01840
                                                                                                                                                                                                      • Instruction Fuzzy Hash: CFD16133B38A8286E711AF34E8942ABB762FF8CB58F900235DE5D96694DF3CD5458710
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791490726.00007FFE013B0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791517135.00007FFE01433000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791623570.00007FFE01435000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791687277.00007FFE0145D000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791713879.00007FFE01462000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791713879.00007FFE01468000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791713879.00007FFE01470000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffe013b0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: R_newR_set_debug$O_freememmove$O_zalloc
                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\statem_srvr.c$tls_process_client_hello
                                                                                                                                                                                                      • API String ID: 3840452407-1456301196
                                                                                                                                                                                                      • Opcode ID: 1eb241e59b19756535fa85d0f47608af0a49b2a9f5c839a69407715240489308
                                                                                                                                                                                                      • Instruction ID: 61ef16fb4dc26d0610e46c2f984327144ea971f844155e4ea1f6d171602f5266
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1eb241e59b19756535fa85d0f47608af0a49b2a9f5c839a69407715240489308
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9F02D372A18A9282EB249B21E4D02BD6751EF65780F908535DA9E0FAF5DF3CE1D1C702
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791490726.00007FFE013B0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791517135.00007FFE01433000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791623570.00007FFE01435000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791687277.00007FFE0145D000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791713879.00007FFE01462000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791713879.00007FFE01468000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791713879.00007FFE01470000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffe013b0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: R_newR_set_debug$X509_get0_pubkeyX_new_from_pkey
                                                                                                                                                                                                      • String ID: $..\s\ssl\statem\statem_clnt.c$tls_construct_cke_gost
                                                                                                                                                                                                      • API String ID: 3869628303-1144584530
                                                                                                                                                                                                      • Opcode ID: 32e751c2c79760636a1aae4409ae14c57a70b1dcdf14215d076670b2ebcb5745
                                                                                                                                                                                                      • Instruction ID: 7e0a12c0971035995a06e51244bdac76cc0bee368196a45345d965d5b43988ff
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 32e751c2c79760636a1aae4409ae14c57a70b1dcdf14215d076670b2ebcb5745
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 01918B31B0868296FB64AB62E8517FE2361BF98B94F840435DE0D4F7B2EF2CE5418341
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791490726.00007FFE013B0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791517135.00007FFE01433000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791623570.00007FFE01435000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791687277.00007FFE0145D000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791713879.00007FFE01462000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791713879.00007FFE01468000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791713879.00007FFE01470000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffe013b0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: R_new$O_freeR_set_debug$D_fetchD_freeO_malloc_time64
                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\statem_clnt.c$SHA2-256$resumption$tls_process_new_session_ticket
                                                                                                                                                                                                      • API String ID: 4294151624-1635961163
                                                                                                                                                                                                      • Opcode ID: 820da5e7e70a9202f13f16d0803b951b2a26ae0181d167e4fbce2b6c67271352
                                                                                                                                                                                                      • Instruction ID: f5e72b4eba952d4dd4890ccde6b8de6dd6be1f0b50ce8449fde7bedc419da3fb
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 820da5e7e70a9202f13f16d0803b951b2a26ae0181d167e4fbce2b6c67271352
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5002AD72A09B8281EB208B55E4903BD77A1FB84B95F548136EB8D4B7B6DF3CE591C700
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffe013b0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: R_newR_set_debug$X_freeX_new
                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\statem_lib.c$tls13_save_handshake_digest_for_pha$tls_process_finished
                                                                                                                                                                                                      • API String ID: 1676177304-1286925996
                                                                                                                                                                                                      • Opcode ID: a9bf916abee2bb6894632d2fd3986c034134b2dc74cb98c7c019fb027cff6c6d
                                                                                                                                                                                                      • Instruction ID: 5980821a8dde322e8b26057ffebb7e638693c4b42404f667d236e69f45885395
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a9bf916abee2bb6894632d2fd3986c034134b2dc74cb98c7c019fb027cff6c6d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 04A16D35A0868282F761EB61D890BFD2351EBA5B84F940036DA0D8F6F5DF7DE581C352
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffe013b0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: O_strdup$O_memdup$D_lock_newO_dup_ex_dataO_freeO_mallocR_newR_set_debugR_set_errorX509_chain_up_refX509_up_ref
                                                                                                                                                                                                      • String ID: ..\s\ssl\ssl_sess.c$ssl_session_dup
                                                                                                                                                                                                      • API String ID: 1347456398-2356865551
                                                                                                                                                                                                      • Opcode ID: a5c669e9d3f93bc523d0a6c9474b9b43ee6975909d632dbd47cf7b3b8cb64a0b
                                                                                                                                                                                                      • Instruction ID: b5a8dd6430e226dba609aedd8337e7a0234e997dbb9a716690fa2a47a8121442
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a5c669e9d3f93bc523d0a6c9474b9b43ee6975909d632dbd47cf7b3b8cb64a0b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D7915022A09BC292EB599F60E4903BC2398FF54B44F494135EE8D1B6B6DF3CA295C310
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffe013b0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: R_newR_set_debug$O_freeO_zalloc
                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\extensions.c$gfffffff$gfffffff$gfffffff$gfffffff$tls_collect_extensions
                                                                                                                                                                                                      • API String ID: 2822291608-2260929820
                                                                                                                                                                                                      • Opcode ID: 833ddd01eb9948849d16ec647e4cf22caff8f3c98e6a901282b0c27d4440fb5c
                                                                                                                                                                                                      • Instruction ID: 253e3ead97a11c476210bd50ffcbc06e29f956a0a0049d02da6fa7485fac67c7
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 833ddd01eb9948849d16ec647e4cf22caff8f3c98e6a901282b0c27d4440fb5c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: AAC10033B087C282EB60AB16E4407BA67A5FB95B84F454135EE8C5BBA9CF3CE441C701
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffe013b0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: R_new$R_set_debug$O_clear_freeO_mallocX_freeX_new_from_pkeyY_deriveY_derive_set_peerY_is_a
                                                                                                                                                                                                      • String ID: ..\s\ssl\s3_lib.c$ssl_derive
                                                                                                                                                                                                      • API String ID: 885776404-3053632713
                                                                                                                                                                                                      • Opcode ID: 6738f77343f151bafde0f18fd525ca252385cc30361818a3bc451384b79df2c1
                                                                                                                                                                                                      • Instruction ID: 4927e84e8c0cd57adcfce0e41c622df83ea6ef91c627e647c6f621c9ddbb5522
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6738f77343f151bafde0f18fd525ca252385cc30361818a3bc451384b79df2c1
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F851C172B0864291FB00EB52A8906FD5755AF94BD4F560032EE4D8FBB6EE2CE5828741
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffe013b0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: O_mallocR_newR_set_debug$O_clear_freeO_freeX_freeX_new_from_pkeyY_encapsulate
                                                                                                                                                                                                      • String ID: ..\s\ssl\s3_lib.c$ssl_encapsulate
                                                                                                                                                                                                      • API String ID: 1298386825-1554727935
                                                                                                                                                                                                      • Opcode ID: a99f24dbd49a9be480758e8003e43373478e223309b7d6ee1fd0b69586a73a0f
                                                                                                                                                                                                      • Instruction ID: db94bcd2bc5722d4689ff8dc09f5b530089efc54e879e821509f191e86ca7449
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a99f24dbd49a9be480758e8003e43373478e223309b7d6ee1fd0b69586a73a0f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1A51B131A19A4291F710EB26E8905BD6355BF95BC0F524032EE4D4FBB5EE3CD246C741
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffe013b0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: R_new$R_set_debug$O_freeR_set_error$L_sk_findL_sk_pushO_malloc
                                                                                                                                                                                                      • String ID: ..\s\ssl\ssl_ciph.c$SSL_COMP_add_compression_method
                                                                                                                                                                                                      • API String ID: 672050802-2070406874
                                                                                                                                                                                                      • Opcode ID: 5eb6083eff30213e309ffbb13df3eef97f27c06261f3aa2026811ff320cc80a2
                                                                                                                                                                                                      • Instruction ID: 675f15ca23c801a3ae9e0041a661e796765c5d5ace66450f9a32013f7a6d130f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5eb6083eff30213e309ffbb13df3eef97f27c06261f3aa2026811ff320cc80a2
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F3418A64F2C64282F794ABA1E8816FD2251AF95790FC54031E90D4FAF6EF2CF9828701
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: R_newR_set_debugR_set_error$O_zalloc
                                                                                                                                                                                                      • String ID: ..\s\ssl\ssl_sess.c$SSL_SESSION_new
                                                                                                                                                                                                      • API String ID: 1179349375-402823876
                                                                                                                                                                                                      • Opcode ID: 3e6586d1590c5e37fe5a7cb55c6f6f0f2fce94f93ce1c7229bf9571863312e5a
                                                                                                                                                                                                      • Instruction ID: d698f8d44514de9271e3b77758674a0d0499aa9f0c7a685bc1a4ccefa1c25235
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3e6586d1590c5e37fe5a7cb55c6f6f0f2fce94f93ce1c7229bf9571863312e5a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1B41A235A19A8282E744AB61D8917FD2291FF94B84F844036D98D4F7F6EF3CD1458711
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: O_free$E_freeX509_Y_free$D_lock_freeL_sk_pop_freeX509_free
                                                                                                                                                                                                      • String ID: ..\s\ssl\ssl_cert.c
                                                                                                                                                                                                      • API String ID: 3478116879-349359282
                                                                                                                                                                                                      • Opcode ID: 0b9053203604b4df65f440c8bc2aa01b9e902017c6c466a04def92ae8f2e1a5e
                                                                                                                                                                                                      • Instruction ID: f280972606d57bbc57826e52e0bda65dd8c69dd5156c4119d38714ceac5d818c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0b9053203604b4df65f440c8bc2aa01b9e902017c6c466a04def92ae8f2e1a5e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 03317C32B18B4291EB44AB35E4907BC6320FB81B84F844132EE5D4F6B6DF6DE592C341
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: O_zalloc$J_nid2snP_get_digestbyname
                                                                                                                                                                                                      • String ID: ..\s\ssl\ssl_lib.c$dane_ctx_enable
                                                                                                                                                                                                      • API String ID: 4284552970-1287278166
                                                                                                                                                                                                      • Opcode ID: a8f4df135f03f3dc9719767073f17fcf7d8dbe2755162a583af999141d426ab7
                                                                                                                                                                                                      • Instruction ID: f7d34ecd394738373b558a31767cb752726bb3ae418c90ebdef635fc04b83894
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a8f4df135f03f3dc9719767073f17fcf7d8dbe2755162a583af999141d426ab7
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2B31D031B19A9196E754AB25F4803BD3771FB44B80F844135EA8D0BBB6EF2DE592C700
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: N_free$O_free
                                                                                                                                                                                                      • String ID: ..\s\ssl\tls_srp.c
                                                                                                                                                                                                      • API String ID: 3506937590-1778748169
                                                                                                                                                                                                      • Opcode ID: 9d7af7435e934e5ed9e01f91a7a4af21c5cc41de842634f5dae193d241a08895
                                                                                                                                                                                                      • Instruction ID: 92e9b6bb3fd21327d01aa64de7ec3270d6211976651847253c91d2cba80f197b
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9d7af7435e934e5ed9e01f91a7a4af21c5cc41de842634f5dae193d241a08895
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2521D852E18A8282E746EB71C8517FC2324EBA4B4CF495235FE0C4E27ADF6DA6D18351
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: O_free$L_cleanse
                                                                                                                                                                                                      • String ID: ..\s\ssl\record\rec_layer_d1.c
                                                                                                                                                                                                      • API String ID: 927910673-1306860146
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffe013b0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: R_newR_set_debug$O_freeO_memdup
                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\extensions_srvr.c$D:\a\1\s\include\internal/packet.h$tls_parse_ctos_ec_pt_formats
                                                                                                                                                                                                      • API String ID: 3243760035-2708166893
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffe013b0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: R_newR_set_debug$O_mallocmemmove
                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\extensions_clnt.c$tls_construct_ctos_session_ticket
                                                                                                                                                                                                      • API String ID: 3517136906-3277354937
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffe013b0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: D_run_once$R_newR_set_debugR_set_error
                                                                                                                                                                                                      • String ID: ..\s\ssl\ssl_init.c$OPENSSL_init_ssl
                                                                                                                                                                                                      • API String ID: 3879570137-3839768916
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1787017206.00007FFDFAAF1000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FFDFAAF0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfaaf0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Mem_$FreeSubtypeType_$DataErr_FromKindMallocMemoryReallocUnicode_
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3719493655-0
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1789715337.00007FFDFF3F1000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FFDFF3F0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdff3f0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 313767242-0
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1790153239.00007FFDFF6D1000.00000020.00000001.01000000.00000038.sdmp, Offset: 00007FFDFF6D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdff6d0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 313767242-0
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1789939538.00007FFDFF6A1000.00000020.00000001.01000000.0000003A.sdmp, Offset: 00007FFDFF6A0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdff6a0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 313767242-0
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1787017206.00007FFDFAAF1000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FFDFAAF0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfaaf0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 313767242-0
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1790050435.00007FFDFF6C1000.00000020.00000001.01000000.00000039.sdmp, Offset: 00007FFDFF6C0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdff6c0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 313767242-0
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1789848549.00007FFDFF691000.00000020.00000001.01000000.0000003B.sdmp, Offset: 00007FFDFF690000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdff690000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 313767242-0
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1787290190.00007FFDFAC11000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAC10000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfac10000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: memcpy
                                                                                                                                                                                                      • String ID: %s at line %d of [%.10s]$831d0fb2836b71c9bc51067c49fee4b8f18047814f2ff22d817d25195cf350b0$API call with %s database connection pointer$NULL$invalid$misuse$unopened
                                                                                                                                                                                                      • API String ID: 3510742995-863375387
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffe013b0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: O_freeO_zallocR_newR_set_debugR_set_error
                                                                                                                                                                                                      • String ID: ..\s\ssl\ssl_ciph.c$ssl_cipher_strength_sort
                                                                                                                                                                                                      • API String ID: 2487674020-1223572542
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffe013b0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: O_freeO_memdup
                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\extensions_cust.c
                                                                                                                                                                                                      • API String ID: 3962629258-3973221358
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffe013b0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: R_newR_set_debug$O_free
                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\extensions_srvr.c$tls_parse_ctos_supported_groups
                                                                                                                                                                                                      • API String ID: 1233037391-3902054871
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • FindFirstFileW.KERNEL32(?,00007FF77C638B09,00007FF77C633FA5), ref: 00007FF77C63841B
                                                                                                                                                                                                      • RemoveDirectoryW.KERNEL32(?,00007FF77C638B09,00007FF77C633FA5), ref: 00007FF77C63849E
                                                                                                                                                                                                      • DeleteFileW.KERNEL32(?,00007FF77C638B09,00007FF77C633FA5), ref: 00007FF77C6384BD
                                                                                                                                                                                                      • FindNextFileW.KERNEL32(?,00007FF77C638B09,00007FF77C633FA5), ref: 00007FF77C6384CB
                                                                                                                                                                                                      • FindClose.KERNEL32(?,00007FF77C638B09,00007FF77C633FA5), ref: 00007FF77C6384DC
                                                                                                                                                                                                      • RemoveDirectoryW.KERNEL32(?,00007FF77C638B09,00007FF77C633FA5), ref: 00007FF77C6384E5
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1786050425.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FileFind$DirectoryRemove$CloseDeleteFirstNext
                                                                                                                                                                                                      • String ID: %s\*
                                                                                                                                                                                                      • API String ID: 1057558799-766152087
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1787017206.00007FFDFAAF1000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FFDFAAF0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfaaf0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Mem_$MallocSubtypeType_$DeallocErr_FreeMemory
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 4139299733-0
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1786050425.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3140674995-0
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _get_daylight.LIBCMT ref: 00007FF77C655CB5
                                                                                                                                                                                                        • Part of subcall function 00007FF77C655608: _invalid_parameter_noinfo.LIBCMT ref: 00007FF77C65561C
                                                                                                                                                                                                        • Part of subcall function 00007FF77C64A9B8: RtlFreeHeap.NTDLL(?,?,?,00007FF77C652D92,?,?,?,00007FF77C652DCF,?,?,00000000,00007FF77C653295,?,?,?,00007FF77C6531C7), ref: 00007FF77C64A9CE
                                                                                                                                                                                                        • Part of subcall function 00007FF77C64A9B8: GetLastError.KERNEL32(?,?,?,00007FF77C652D92,?,?,?,00007FF77C652DCF,?,?,00000000,00007FF77C653295,?,?,?,00007FF77C6531C7), ref: 00007FF77C64A9D8
                                                                                                                                                                                                        • Part of subcall function 00007FF77C64A970: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF77C64A94F,?,?,?,?,?,00007FF77C64A83A), ref: 00007FF77C64A979
                                                                                                                                                                                                        • Part of subcall function 00007FF77C64A970: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF77C64A94F,?,?,?,?,?,00007FF77C64A83A), ref: 00007FF77C64A99E
                                                                                                                                                                                                      • _get_daylight.LIBCMT ref: 00007FF77C655CA4
                                                                                                                                                                                                        • Part of subcall function 00007FF77C655668: _invalid_parameter_noinfo.LIBCMT ref: 00007FF77C65567C
                                                                                                                                                                                                      • _get_daylight.LIBCMT ref: 00007FF77C655F1A
                                                                                                                                                                                                      • _get_daylight.LIBCMT ref: 00007FF77C655F2B
                                                                                                                                                                                                      • _get_daylight.LIBCMT ref: 00007FF77C655F3C
                                                                                                                                                                                                      • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF77C65617C), ref: 00007FF77C655F63
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1786050425.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.1785941435.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1786082771.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1786109346.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1786109346.00007FF77C671000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1786251212.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 4070488512-0
                                                                                                                                                                                                      • Opcode ID: 0c9ae4c43809035ead388df1149d8e15e4647e923e6de7bb59d770bfc2eeda5e
                                                                                                                                                                                                      • Instruction ID: a41159ca12899c9e77a6399d74472c0b955da2c82e3cac3455962cff85b38fbf
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0c9ae4c43809035ead388df1149d8e15e4647e923e6de7bb59d770bfc2eeda5e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A0D1B223B3864245E722BF21E4C55BAA752EF4C794FE08136EB4DC769ADE3CE4418760
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1786050425.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.1785941435.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1786082771.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1786109346.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1786109346.00007FF77C671000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1786251212.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1239891234-0
                                                                                                                                                                                                      • Opcode ID: 823e7cd4caae9fc37a1281b2c5c5551f9de180c5e8ac7c275112a8c84bbfd9bf
                                                                                                                                                                                                      • Instruction ID: 10961d40ca19563583e6b43eebefc639103177f96609aa5d8f11ceec8a24b810
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 823e7cd4caae9fc37a1281b2c5c5551f9de180c5e8ac7c275112a8c84bbfd9bf
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8E317137628B8186DB219F24E8802AFB3A1FB88754F940135EB8D87B59DF3CC1558B10
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791490726.00007FFE013B0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791517135.00007FFE01433000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791623570.00007FFE01435000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791687277.00007FFE0145D000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791713879.00007FFE01462000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791713879.00007FFE01468000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791713879.00007FFE01470000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffe013b0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: O_free
                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\extensions_clnt.c$tls_construct_ctos_cookie
                                                                                                                                                                                                      • API String ID: 2581946324-1257894829
                                                                                                                                                                                                      • Opcode ID: 259aba66962e9b631cacb3e84773a4eee8d71dfe46cb4b12438401466ab06348
                                                                                                                                                                                                      • Instruction ID: deb58a0e56384905bb946d45ab7e4db9455c23a9b6e1bf67a4d52d191a8cdd58
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 259aba66962e9b631cacb3e84773a4eee8d71dfe46cb4b12438401466ab06348
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 18218E21B1864281F750AB62E5917BD2251EF84BD4F580035EE0D4FBB6EF6CE982C380
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1786050425.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.1785941435.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1786082771.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1786109346.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1786109346.00007FF77C671000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1786251212.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2227656907-0
                                                                                                                                                                                                      • Opcode ID: 2ef3c37f04818ead7d44404f95bcb0bbc346a7a2ea351082cea4bee254bbf61c
                                                                                                                                                                                                      • Instruction ID: 1af0f1ce52f67dc771e30ee579fc503d775ed074317064283adea7303a5f4715
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2ef3c37f04818ead7d44404f95bcb0bbc346a7a2ea351082cea4bee254bbf61c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 31B1B7A7B3869241EB62AB21A4801BBE352EB4CBD4FA44131DF5D97B95EE3CE541C310
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791490726.00007FFE013B0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791517135.00007FFE01433000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791623570.00007FFE01435000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791687277.00007FFE0145D000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791713879.00007FFE01462000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791713879.00007FFE01468000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791713879.00007FFE01470000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffe013b0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: O_freeO_strdup
                                                                                                                                                                                                      • String ID: ..\s\ssl\ssl_conf.c$gfffffff
                                                                                                                                                                                                      • API String ID: 2148955802-4123734156
                                                                                                                                                                                                      • Opcode ID: 36565d17ced01440f01c1a12bdb88cc94fa3be2b622d0976af61771156605f6e
                                                                                                                                                                                                      • Instruction ID: 4decbd89397e90a2e6e2afb7c6bda896f9391df0ecb3005c8ffee24bfed66b17
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 36565d17ced01440f01c1a12bdb88cc94fa3be2b622d0976af61771156605f6e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: AE217F72B19B4685EF44DF26F48036967A1EB88FC4F1A4035DE4D8F7A9DE2CE4018781
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1787290190.00007FFDFAC11000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAC10000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.1787270770.00007FFDFAC10000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1787400841.00007FFDFAD3E000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1787438247.00007FFDFAD6B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1787459973.00007FFDFAD70000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfac10000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: memcpy$memset
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 438689982-0
                                                                                                                                                                                                      • Opcode ID: 304fba770c544ede7452a4061ca79efafbc2549250430ea71847b1f8e5c244b1
                                                                                                                                                                                                      • Instruction ID: a4ebba8c153a59b1c4e83cc98913a5aa41591ecd55ec92e34a765161e12b66d0
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 304fba770c544ede7452a4061ca79efafbc2549250430ea71847b1f8e5c244b1
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E8E1E23AB1978186E7988F29D060BBE67A5FB45BC4F044076EE9E437C9DE3DE4858300
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _get_daylight.LIBCMT ref: 00007FF77C655F1A
                                                                                                                                                                                                        • Part of subcall function 00007FF77C655668: _invalid_parameter_noinfo.LIBCMT ref: 00007FF77C65567C
                                                                                                                                                                                                      • _get_daylight.LIBCMT ref: 00007FF77C655F2B
                                                                                                                                                                                                        • Part of subcall function 00007FF77C655608: _invalid_parameter_noinfo.LIBCMT ref: 00007FF77C65561C
                                                                                                                                                                                                      • _get_daylight.LIBCMT ref: 00007FF77C655F3C
                                                                                                                                                                                                        • Part of subcall function 00007FF77C655638: _invalid_parameter_noinfo.LIBCMT ref: 00007FF77C65564C
                                                                                                                                                                                                        • Part of subcall function 00007FF77C64A9B8: RtlFreeHeap.NTDLL(?,?,?,00007FF77C652D92,?,?,?,00007FF77C652DCF,?,?,00000000,00007FF77C653295,?,?,?,00007FF77C6531C7), ref: 00007FF77C64A9CE
                                                                                                                                                                                                        • Part of subcall function 00007FF77C64A9B8: GetLastError.KERNEL32(?,?,?,00007FF77C652D92,?,?,?,00007FF77C652DCF,?,?,00000000,00007FF77C653295,?,?,?,00007FF77C6531C7), ref: 00007FF77C64A9D8
                                                                                                                                                                                                      • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF77C65617C), ref: 00007FF77C655F63
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1786050425.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.1785941435.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1786082771.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1786109346.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1786109346.00007FF77C671000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1786251212.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3458911817-0
                                                                                                                                                                                                      • Opcode ID: 4f5f64917f1a6fb99e16ec8d4eadf885fc2e5ee96e92320975b551feff7f9d51
                                                                                                                                                                                                      • Instruction ID: fc3b9eb9033d41aaf311671fe72dcb4598f5c85cbe5fa44e01d0c07e918b8a77
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4f5f64917f1a6fb99e16ec8d4eadf885fc2e5ee96e92320975b551feff7f9d51
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 80514D33B3864286E721FF21A9C15AAA762AB4C784F904536EB4DC7696DF3CE4408760
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1790050435.00007FFDFF6C1000.00000020.00000001.01000000.00000039.sdmp, Offset: 00007FFDFF6C0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.1790028351.00007FFDFF6C0000.00000002.00000001.01000000.00000039.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1790073229.00007FFDFF6C4000.00000002.00000001.01000000.00000039.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1790092982.00007FFDFF6C5000.00000004.00000001.01000000.00000039.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1790113402.00007FFDFF6C6000.00000002.00000001.01000000.00000039.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdff6c0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _wassert
                                                                                                                                                                                                      • String ID: OCB_ENCRYPT==direction || OCB_DECRYPT==direction$src/raw_ocb.c
                                                                                                                                                                                                      • API String ID: 3234217646-1106498308
                                                                                                                                                                                                      • Opcode ID: 96f1c7f081ec5b5f110a8a436ffb5769e61779f6ca8b250aca86d5a0fd4485a4
                                                                                                                                                                                                      • Instruction ID: f7f81cbea79e5f7c37a376903a0eba2deb0fb173e1b9a7599b3d6df2639ebf43
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 96f1c7f081ec5b5f110a8a436ffb5769e61779f6ca8b250aca86d5a0fd4485a4
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 69E13C4210D6E048C7168F7590206FE7FF0DB1FA59F4D81B6EBE94E58BD508C254EB2A
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791490726.00007FFE013B0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791517135.00007FFE01433000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791623570.00007FFE01435000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791687277.00007FFE0145D000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791713879.00007FFE01462000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791713879.00007FFE01468000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791713879.00007FFE01470000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffe013b0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: O_freeO_memdup
                                                                                                                                                                                                      • String ID: ..\s\ssl\ssl_sess.c
                                                                                                                                                                                                      • API String ID: 3962629258-2868363209
                                                                                                                                                                                                      • Opcode ID: 17fc693176754f1176451082c2c44af7d9a1f946fc87e3602af76f4eeea5d05d
                                                                                                                                                                                                      • Instruction ID: 321f55451ca4574233c0d563f1edb0218a17dd9395fdf03042bc3742c802aefa
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 17fc693176754f1176451082c2c44af7d9a1f946fc87e3602af76f4eeea5d05d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 73116531B09F9182E7958B52B94026C6694FB48FC4F590035EE4C5FFA9EF2DD6928310
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791490726.00007FFE013B0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791517135.00007FFE01433000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791623570.00007FFE01435000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791687277.00007FFE0145D000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791713879.00007FFE01462000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791713879.00007FFE01468000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791713879.00007FFE01470000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffe013b0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: O_freeO_memdup
                                                                                                                                                                                                      • String ID: D:\a\1\s\include\internal/packet.h
                                                                                                                                                                                                      • API String ID: 3962629258-2521442236
                                                                                                                                                                                                      • Opcode ID: bd6c9304aeb4a024b43df89f4a260b6424ef85be4baf9c0a24da548ddf1e0540
                                                                                                                                                                                                      • Instruction ID: d50a5902ecdf7cfb4a0bf72a744ab1c2e440895674fe0fe6e3320384f04b3778
                                                                                                                                                                                                      • Opcode Fuzzy Hash: bd6c9304aeb4a024b43df89f4a260b6424ef85be4baf9c0a24da548ddf1e0540
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9D014F32716B5281EB509F52F8846597764FB58BC0F488435EF8C4BB65EE3CD5528700
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791490726.00007FFE013B0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791517135.00007FFE01433000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791623570.00007FFE01435000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791687277.00007FFE0145D000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791713879.00007FFE01462000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791713879.00007FFE01468000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791713879.00007FFE01470000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffe013b0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: O_freeO_strndup
                                                                                                                                                                                                      • String ID: ..\s\ssl\ssl_asn1.c
                                                                                                                                                                                                      • API String ID: 2641571835-3659835543
                                                                                                                                                                                                      • Opcode ID: e774afb10ac652100d47447a76614ce0792835d75f19e29492a5db2d1d73625e
                                                                                                                                                                                                      • Instruction ID: 9552613b5e60b92cf1d9f5da975c4ee3eaaccc066bd458975eff24a1e6f84e80
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e774afb10ac652100d47447a76614ce0792835d75f19e29492a5db2d1d73625e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 47016D32B19A5281EB409B56F540368A760FB48BC4F499032FE5D57B6AEF2CD5A18700
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791490726.00007FFE013B0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791517135.00007FFE01433000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791623570.00007FFE01435000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791687277.00007FFE0145D000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791713879.00007FFE01462000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791713879.00007FFE01468000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791713879.00007FFE01470000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffe013b0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: O_freeO_strndup
                                                                                                                                                                                                      • String ID: D:\a\1\s\include\internal/packet.h
                                                                                                                                                                                                      • API String ID: 2641571835-2521442236
                                                                                                                                                                                                      • Opcode ID: d077f02f28dc80c173b48ec0dc7e5fadc96060128e03643208d4e1341bb20662
                                                                                                                                                                                                      • Instruction ID: 181496053edec152c74f7322c7035830cdd0351b4ba871d94e5dd39fbf477db0
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d077f02f28dc80c173b48ec0dc7e5fadc96060128e03643208d4e1341bb20662
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 57F03072B09A4281EB04AF66F8955AC6761EB58BC4F848036EE0C8B775DE2CD5558700
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffe013b0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: O_free
                                                                                                                                                                                                      • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                      • API String ID: 2581946324-1080266419
                                                                                                                                                                                                      • Opcode ID: b17a1dc97bde2825c6a5434256753d7812aa03e6824a2e1b8617030c61b457a7
                                                                                                                                                                                                      • Instruction ID: d4bebfd47aa7378ad14e2c9399cd483c50b7c3000b5bfee1ae1f706cdd48c504
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b17a1dc97bde2825c6a5434256753d7812aa03e6824a2e1b8617030c61b457a7
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C0E0E562A14A42A2EB00AB35D8817A83761FB54B48F848135DA0C4F7B6EE6DD585C761
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffe013b0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: O_free
                                                                                                                                                                                                      • String ID: ..\s\ssl\record\rec_layer_d1.c
                                                                                                                                                                                                      • API String ID: 2581946324-1306860146
                                                                                                                                                                                                      • Opcode ID: 7b11ee7e488ba75939e8ba733fee79ce52acc191ae8f20a3968226145aa3e58a
                                                                                                                                                                                                      • Instruction ID: 2cb439f3fa86b11fe1f551f8969d0d57fa1e7d3343a8b6b9fb0aee46172d9d4a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7b11ee7e488ba75939e8ba733fee79ce52acc191ae8f20a3968226145aa3e58a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0CF08211B1954241EF40BB26F4916BD9251EF89BC4F495035EE0D4FBA7EE2CD8918700
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffe013b0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: D_run_once
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1403826838-0
                                                                                                                                                                                                      • Opcode ID: 77cbd0b0b8ea079f4b3d3e7baca37b16dafba7cf961424cc6eb1f75db741db41
                                                                                                                                                                                                      • Instruction ID: e68923e31c7f29c9497ed79f1e5070dd0329cec39782b5f3e8c91ac84ac1248a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 77cbd0b0b8ea079f4b3d3e7baca37b16dafba7cf961424cc6eb1f75db741db41
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E2D0C998E0A50782FB007729D8822B42220BF90788FD14032D00D4E6B6ED1CA9568342
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,00007FF77C6364BF,?,00007FF77C63336E), ref: 00007FF77C635830
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00007FF77C6364BF,?,00007FF77C63336E), ref: 00007FF77C635842
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,00007FF77C6364BF,?,00007FF77C63336E), ref: 00007FF77C635879
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00007FF77C6364BF,?,00007FF77C63336E), ref: 00007FF77C63588B
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,00007FF77C6364BF,?,00007FF77C63336E), ref: 00007FF77C6358A4
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00007FF77C6364BF,?,00007FF77C63336E), ref: 00007FF77C6358B6
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,00007FF77C6364BF,?,00007FF77C63336E), ref: 00007FF77C6358CF
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00007FF77C6364BF,?,00007FF77C63336E), ref: 00007FF77C6358E1
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,00007FF77C6364BF,?,00007FF77C63336E), ref: 00007FF77C6358FD
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00007FF77C6364BF,?,00007FF77C63336E), ref: 00007FF77C63590F
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,00007FF77C6364BF,?,00007FF77C63336E), ref: 00007FF77C63592B
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00007FF77C6364BF,?,00007FF77C63336E), ref: 00007FF77C63593D
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,00007FF77C6364BF,?,00007FF77C63336E), ref: 00007FF77C635959
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00007FF77C6364BF,?,00007FF77C63336E), ref: 00007FF77C63596B
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,00007FF77C6364BF,?,00007FF77C63336E), ref: 00007FF77C635987
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00007FF77C6364BF,?,00007FF77C63336E), ref: 00007FF77C635999
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,00007FF77C6364BF,?,00007FF77C63336E), ref: 00007FF77C6359B5
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00007FF77C6364BF,?,00007FF77C63336E), ref: 00007FF77C6359C7
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1786050425.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AddressErrorLastProc
                                                                                                                                                                                                      • String ID: Failed to get address for %hs$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
                                                                                                                                                                                                      • API String ID: 199729137-653951865
                                                                                                                                                                                                      • Opcode ID: 3ca4f2c8e8fa74ff45c561f9825c8e8d27386d4e804e1314c270c66bff6859f6
                                                                                                                                                                                                      • Instruction ID: 0f67f3f9f5ef3faca929c6e198b9d2a730e8d2c9f8a7c052984995e3f0724bfe
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3ca4f2c8e8fa74ff45c561f9825c8e8d27386d4e804e1314c270c66bff6859f6
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5022B566B39F0791FB07BB55B8D01B6A7A7AF4C745FE41436C91E82264EF3CA1488234
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1786050425.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AddressErrorLastProc
                                                                                                                                                                                                      • String ID: Failed to get address for %hs$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_JoinThread$Tcl_MutexFinalize$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                                                                                      • API String ID: 199729137-3427451314
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
• Associated: 00000001.00000002.1791490726.00007FFE013B0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1791517135.00007FFE01433000.00000020.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1791623570.00007FFE01435000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1791687277.00007FFE0145D000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1791713879.00007FFE01462000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1791713879.00007FFE01468000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1791713879.00007FFE01470000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: R_newR_set_debug$X_new$D_get_typeO_ctrlO_freeX_copy_exX_freeX_get0_md
                                                                                                                                                                                                      • String ID: ..\s\ssl\s3_enc.c$ssl3-ms$ssl3_digest_cached_records$ssl3_final_finish_mac
                                                                                                                                                                                                      • API String ID: 2271831671-3843019499
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: O_printf$O_indent$O_puts$X509_$E_freed2i_
                                                                                                                                                                                                      • String ID: %s (%d)$%s (0x%04x)$<UNPARSEABLE DN>$DistinguishedName (len=%d): $UNKNOWN$certificate_authorities (len=%d)$certificate_types (len=%d)$request_context$request_extensions$signature_algorithms (len=%d)
                                                                                                                                                                                                      • API String ID: 2542938528-1289818360
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                      • String ID: ..\s\ssl\ssl_rsa.c$SSL_CTX_use_certificate$ssl_set_cert
                                                                                                                                                                                                      • API String ID: 1552677711-1118281239
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                      • String ID: ..\s\ssl\ssl_lib.c$SSL_dane_enable
                                                                                                                                                                                                      • API String ID: 1552677711-2910236719
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: R_newR_set_debug$O_ctrlO_freeO_newO_s_fileR_set_error
                                                                                                                                                                                                      • String ID: ..\s\ssl\ssl_rsa.c$SSL_CTX_use_PrivateKey_file
                                                                                                                                                                                                      • API String ID: 1899708915-2252211958
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: R_newR_set_debug
                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\extensions_srvr.c$tls_parse_ctos_key_share
                                                                                                                                                                                                      • API String ID: 193678381-166674739
                                                                                                                                                                                                      • Opcode ID: c87ebdfa8a0f7a67168768347dfb568b9aed920fe9afcc19bf1f70962f8e10de
                                                                                                                                                                                                      • Instruction ID: 7b5eea5809f71dfd8a72c6ef3a44f40eff6abbdf72910af95eb4f74c79385e0a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c87ebdfa8a0f7a67168768347dfb568b9aed920fe9afcc19bf1f70962f8e10de
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4D9116B1E19692C1F7519BA294802BE2791EF91784F45423AED4D5FAF6CF3CE982C700
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffe013b0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: strncmp$R_newR_set_debugR_set_error
                                                                                                                                                                                                      • String ID: ..\s\ssl\ssl_ciph.c$ECDHE-ECDSA-AES128-GCM-SHA256$ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384$ECDHE-ECDSA-AES256-GCM-SHA384$SUITEB128$SUITEB128C2$SUITEB128ONLY$SUITEB192$check_suiteb_cipher_list
                                                                                                                                                                                                      • API String ID: 1930259724-1099454403
                                                                                                                                                                                                      • Opcode ID: 4fb00667328cc24e5a01ced80a969a7b37fcff98c645767f26b4f54dc518abc7
                                                                                                                                                                                                      • Instruction ID: 5d620cf3b0388947db35b32b6ae0f1f833bf503ed4218934368eadbeb2aed4f8
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4fb00667328cc24e5a01ced80a969a7b37fcff98c645767f26b4f54dc518abc7
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 20416F32F18A4396E7108B21E8543B977A0EB44B94F458435EA0ECB6B5DF6CF5A5CB01
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffe013b0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: R_newR_set_debug$L_sk_valueR_clear_errorX509_get0_pubkey
                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\statem_clnt.c$tls_post_process_server_certificate
                                                                                                                                                                                                      • API String ID: 2779586248-3767186838
                                                                                                                                                                                                      • Opcode ID: 83b60e124ffb344b91694eee76e59e26672e35621eca384badca9d95ee8817b9
                                                                                                                                                                                                      • Instruction ID: 4415bf8ea4453580afd51c9c4deb674779f7e0b2595a542772ff4fb3798ddbc4
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 83b60e124ffb344b91694eee76e59e26672e35621eca384badca9d95ee8817b9
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 32515961A1968282F750EB25D4957FD23A1EBD5B84F984031EE0D8F7B6DF2DE982C700
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 00007FF77C639400: MultiByteToWideChar.KERNEL32(?,?,?,00007FF77C6345E4,00000000,00007FF77C631985), ref: 00007FF77C639439
                                                                                                                                                                                                      • ExpandEnvironmentStringsW.KERNEL32(?,00007FF77C6388A7,?,?,00000000,00007FF77C633CBB), ref: 00007FF77C63821C
                                                                                                                                                                                                        • Part of subcall function 00007FF77C632810: MessageBoxW.USER32 ref: 00007FF77C6328EA
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1786050425.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                                                                                                                                                                      • String ID: %.*s$CreateDirectory$LOADER: failed to convert runtime-tmpdir to a wide string.$LOADER: failed to create runtime-tmpdir path %ls!$LOADER: failed to expand environment variables in the runtime-tmpdir.$LOADER: failed to obtain the absolute path of the runtime-tmpdir.$LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!$\
                                                                                                                                                                                                      • API String ID: 1662231829-930877121
                                                                                                                                                                                                      • Opcode ID: 6fbdb188916104b0c2c5940302cfd80688c9116ecc918f500a0c860990a20752
                                                                                                                                                                                                      • Instruction ID: b4795c968364faee0818537591df4f752c2475f69d1f9ffb18c0df18257a8dfb
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6fbdb188916104b0c2c5940302cfd80688c9116ecc918f500a0c860990a20752
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 92517513B3C64241FB52BB61A9D16BBE253AF9C780FD44032DB0EC66D6EE2CE5058760
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffe013b0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: O_next$O_free_allO_int_ctrlO_newO_s_socketO_up_refR_newR_set_debugR_set_error
                                                                                                                                                                                                      • String ID: ..\s\ssl\ssl_lib.c$SSL_set_fd
                                                                                                                                                                                                      • API String ID: 2935861444-3152457077
                                                                                                                                                                                                      • Opcode ID: 479d6d7357ba75fe30c4083dc38e7f087118b597f0ac9a52a685430553148854
                                                                                                                                                                                                      • Instruction ID: 1a0e0870d217c858e86b0797f7bbced71e5c9bc89dadd4b25f560438fedd9b28
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 479d6d7357ba75fe30c4083dc38e7f087118b597f0ac9a52a685430553148854
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 08317221F1960282EB64EB61E55117C9361EF94BC4F450431EA4E4FFFADE7DE8908351
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffe013b0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: R_newR_set_debug
                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\statem_clnt.c$tls_prepare_client_certificate
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1786050425.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CurrentProcess
                                                                                                                                                                                                      • String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffe013b0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: R_newR_set_debug$X509_get0_pubkey
                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\statem_clnt.c$tls_process_ske_ecdhe
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffe013b0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: R_newR_set_debug$ErrorLastO_ctrlO_readmemmove
                                                                                                                                                                                                      • String ID: ..\s\ssl\record\rec_layer_s3.c$ssl3_read_n
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1787017206.00007FFDFAAF1000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FFDFAAF0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfaaf0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CompareUnicode_$DeallocStringWith
                                                                                                                                                                                                      • String ID: NFC$NFD$NFKC$NFKD$invalid normalization form
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1787017206.00007FFDFAAF1000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FFDFAAF0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfaaf0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Module_$DeallocObjectObject_$ConstantFromSpecStringTrackTypeType_
                                                                                                                                                                                                      • String ID: 15.0.0$_ucnhash_CAPI$ucd_3_2_0$unidata_version
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffe013b0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: R_new$D_get_sizeDigestFinal_exR_set_debugX_copy_exX_freeX_get0_mdX_new
                                                                                                                                                                                                      • String ID: ..\s\ssl\ssl_lib.c$ssl_handshake_hash
                                                                                                                                                                                                      • API String ID: 474506514-3232504857
                                                                                                                                                                                                      • Opcode ID: 26a78cc74c6525379c245ac701a5a25562961fbecfcc77c97844b5b064d4b887
                                                                                                                                                                                                      • Instruction ID: 4a5d5766fb351b08430e09b592523b2961651515f7f878f2d03dc3c7a124950a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 26a78cc74c6525379c245ac701a5a25562961fbecfcc77c97844b5b064d4b887
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6321B021F0865352F720AB62BC919BE6651AF90BC4F460431FE4D4F7B6EE3CE8828341
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1787017206.00007FFDFAAF1000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FFDFAAF0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfaaf0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CompareStringUnicode_With$Mem_$FreeMallocSubtypeType_
                                                                                                                                                                                                      • String ID: NFC$NFD$NFKC$NFKD$invalid normalization form
                                                                                                                                                                                                      • API String ID: 1723213316-3528878251
                                                                                                                                                                                                      • Opcode ID: 7d9693cf2d06923f90061d591c3b8a3e1c636af1e984342259c0b7d751c99e14
                                                                                                                                                                                                      • Instruction ID: 8a17c557870147858b427558df18106f893ff9db3e72287f9a0d3a1ab6b8c2fd
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7d9693cf2d06923f90061d591c3b8a3e1c636af1e984342259c0b7d751c99e14
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2A516F21B0C7D342FB6D9BA59870E797395AF52BC0F4451B1CA6A86ACDDF2DE40B8700
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • BIO_indent.LIBCRYPTO-3(?,?,?,?,?,?,?,?,?,?,?,?,00007FFE013EB5EE), ref: 00007FFE013EDBBA
                                                                                                                                                                                                      • BIO_printf.LIBCRYPTO-3(?,?,?,?,?,?,?,?,?,?,?,?,00007FFE013EB5EE), ref: 00007FFE013EDBFE
                                                                                                                                                                                                      • BIO_indent.LIBCRYPTO-3(?,?,?,?,?,?,?,?,?,?,?,?,00007FFE013EB5EE), ref: 00007FFE013EDC55
                                                                                                                                                                                                      • BIO_printf.LIBCRYPTO-3(?,?,?,?,?,?,?,?,?,?,?,?,00007FFE013EB5EE), ref: 00007FFE013EDCAE
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffe013b0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: O_indentO_printf
                                                                                                                                                                                                      • String ID: %s, Length=%d$UNKNOWN$Unsupported, hex dump follows:$message_seq=%d, fragment_offset=%d, fragment_length=%d
                                                                                                                                                                                                      • API String ID: 1860387303-4198474627
                                                                                                                                                                                                      • Opcode ID: 33a47e38e1b46a6264f8e460a0306516b777e661874f5575458a500ab7b74889
                                                                                                                                                                                                      • Instruction ID: 56cd08b39eb19d25c87fc1bb2cb9dfababd7b99c780e4562a3b96e8743633eaf
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 33a47e38e1b46a6264f8e460a0306516b777e661874f5575458a500ab7b74889
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D0512362B0C6E146E724CB29A844A7E7BE1EB817D5F448135EEAD4BBE9DE3CD041C700
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffe013b0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: R_newR_set_debug
                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\extensions_clnt.c$ssl_next_proto_validate$tls_parse_stoc_npn
                                                                                                                                                                                                      • API String ID: 193678381-2899453981
                                                                                                                                                                                                      • Opcode ID: 2fd302556afe2def7f58921f5571200c01d2190c6ab98bcf53c621c0c59e4bd4
                                                                                                                                                                                                      • Instruction ID: c82bc5c899d34d83600b743f1edd49aa66c29ffbaf86db7c600baf4140baaf7c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2fd302556afe2def7f58921f5571200c01d2190c6ab98bcf53c621c0c59e4bd4
                                                                                                                                                                                                      • Instruction Fuzzy Hash: B851E471A1AB8682FB409B61E4907FD27A1EF94B44F884035EA4D4F7B5EF3CE5818B40
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1787017206.00007FFDFAAF1000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FFDFAAF0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfaaf0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Arg_ArgumentFromStringSubtypeType_Unicode_
                                                                                                                                                                                                      • String ID: $%04X$a unicode character$argument$decomposition
                                                                                                                                                                                                      • API String ID: 1318908108-4056541097
                                                                                                                                                                                                      • Opcode ID: a3cef0d0996400cfa83e251a2d781e139d471a14dd81ecf0aeeb3af5fef58597
                                                                                                                                                                                                      • Instruction ID: 3b4e24518b66f6d2c0848589eb6c104628f5c44a14b2be85cec6795e874691df
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a3cef0d0996400cfa83e251a2d781e139d471a14dd81ecf0aeeb3af5fef58597
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9B41B4A2B08BC282EB2D9B15D860AB937A1FF45795F844275C97E176D8DF3CE54B8300
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1786050425.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                                                                                                                                      • String ID: P%
                                                                                                                                                                                                      • API String ID: 2147705588-2959514604
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffe013b0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: R_newR_set_debug
                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\statem_lib.c$tls_process_change_cipher_spec
                                                                                                                                                                                                      • API String ID: 193678381-3810074443
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1786050425.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: LongWindow$BlockCreateErrorLastReasonShutdown
                                                                                                                                                                                                      • String ID: Needs to remove its temporary files.
                                                                                                                                                                                                      • API String ID: 3975851968-2863640275
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1789715337.00007FFDFF3F1000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FFDFF3F0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdff3f0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 349153199-0
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1790153239.00007FFDFF6D1000.00000020.00000001.01000000.00000038.sdmp, Offset: 00007FFDFF6D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdff6d0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 349153199-0
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1789939538.00007FFDFF6A1000.00000020.00000001.01000000.0000003A.sdmp, Offset: 00007FFDFF6A0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdff6a0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 349153199-0
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1787017206.00007FFDFAAF1000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FFDFAAF0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfaaf0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 349153199-0
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1790050435.00007FFDFF6C1000.00000020.00000001.01000000.00000039.sdmp, Offset: 00007FFDFF6C0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdff6c0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 349153199-0
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1789848549.00007FFDFF691000.00000020.00000001.01000000.0000003B.sdmp, Offset: 00007FFDFF690000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdff690000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 349153199-0
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffe013b0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: L_sk_push$L_sk_new_nullL_sk_popR_newR_set_debugR_set_error
                                                                                                                                                                                                      • String ID: ..\s\ssl\ssl_lib.c$ct_move_scts
                                                                                                                                                                                                      • API String ID: 2315003219-2572802885
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1787017206.00007FFDFAAF1000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FFDFAAF0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfaaf0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Arg_$ArgumentCheckDigitErr_FromLongLong_PositionalStringUnicode_
                                                                                                                                                                                                      • String ID: a unicode character$argument 1$digit$not a digit
                                                                                                                                                                                                      • API String ID: 4245020737-4278345224
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • Cannot add a REFERENCES column with non-NULL default value, xrefs: 00007FFDFAC64C33
                                                                                                                                                                                                      • UPDATE "%w".sqlite_master SET sql = printf('%%.%ds, ',sql) || %Q || substr(sql,1+length(printf('%%.%ds',sql))) WHERE type = 'table' AND name = %Q, xrefs: 00007FFDFAC64E5C
                                                                                                                                                                                                      • Cannot add a PRIMARY KEY column, xrefs: 00007FFDFAC64BC8
                                                                                                                                                                                                      • Cannot add a column with non-constant default, xrefs: 00007FFDFAC64CAF
                                                                                                                                                                                                      • cannot add a STORED column, xrefs: 00007FFDFAC64DB4
                                                                                                                                                                                                      • Cannot add a NOT NULL column with default value NULL, xrefs: 00007FFDFAC64C55
                                                                                                                                                                                                      • SELECT raise(ABORT,%Q) FROM "%w"."%w", xrefs: 00007FFDFAC64C3D, 00007FFDFAC64CB9, 00007FFDFAC64DC3
                                                                                                                                                                                                      • SELECT CASE WHEN quick_check GLOB 'CHECK*' THEN raise(ABORT,'CHECK constraint failed') ELSE raise(ABORT,'NOT NULL constraint failed') END FROM pragma_quick_check(%Q,%Q) WHERE quick_check GLOB 'CHECK*' OR quick_check GLOB 'NULL*', xrefs: 00007FFDFAC64F91
                                                                                                                                                                                                      • Cannot add a UNIQUE column, xrefs: 00007FFDFAC64BE3
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1787290190.00007FFDFAC11000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAC10000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfac10000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: memcpy
                                                                                                                                                                                                      • String ID: Cannot add a NOT NULL column with default value NULL$Cannot add a PRIMARY KEY column$Cannot add a REFERENCES column with non-NULL default value$Cannot add a UNIQUE column$Cannot add a column with non-constant default$SELECT CASE WHEN quick_check GLOB 'CHECK*' THEN raise(ABORT,'CHECK constraint failed') ELSE raise(ABORT,'NOT NULL constraint failed') END FROM pragma_quick_check(%Q,%Q) WHERE quick_check GLOB 'CHECK*' OR quick_check GLOB 'NULL*'$SELECT raise(ABORT,%Q) FROM "%w"."%w"$UPDATE "%w".sqlite_master SET sql = printf('%%.%ds, ',sql) || %Q || substr(sql,1+length(printf('%%.%ds',sql))) WHERE type = 'table' AND name = %Q$cannot add a STORED column
                                                                                                                                                                                                      • API String ID: 3510742995-3865411212
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1786050425.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                      • String ID: -$:$f$p$p
                                                                                                                                                                                                      • API String ID: 3215553584-2013873522
                                                                                                                                                                                                      • Opcode ID: 75ce3dd5e90789a751ac91fed3db50e3550f512a2f4dec46f6fb30c565ad9a60
                                                                                                                                                                                                      • Instruction ID: 91926c82e6b76e1147182d4e737ab68119a92b102291a1875d959d8cbb4e90c1
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 75ce3dd5e90789a751ac91fed3db50e3550f512a2f4dec46f6fb30c565ad9a60
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 701283A3A3C15386FB267B14D1942BBB693FB48754FC44435E6898E6C4DB7CE7808B20
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1786050425.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.1785941435.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1786082771.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1786109346.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1786109346.00007FF77C671000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1786251212.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                      • String ID: f$f$p$p$f
                                                                                                                                                                                                      • API String ID: 3215553584-1325933183
                                                                                                                                                                                                      • Opcode ID: efdc55b57c7b5823aa39a5abe82f144bbffe385c3037011f7a836833ec2ff017
                                                                                                                                                                                                      • Instruction ID: fac51973bd1196917c338ec96bc6720873c6b21acca37337ae2970885ffdf184
                                                                                                                                                                                                      • Opcode Fuzzy Hash: efdc55b57c7b5823aa39a5abe82f144bbffe385c3037011f7a836833ec2ff017
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4A1274A3E3C14785FB22BA15E09467BF663EB44754FE84035D699CA9C4DB7CE7808B20
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1789715337.00007FFDFF3F1000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FFDFF3F0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.1789684258.00007FFDFF3F0000.00000002.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1789751805.00007FFDFF3F3000.00000002.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1789778567.00007FFDFF3F4000.00000004.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1789802581.00007FFDFF3F5000.00000002.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdff3f0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _wassert$memcpy
                                                                                                                                                                                                      • String ID: ((Nk==4) && (Nr==10)) || ((Nk==6) && (Nr==12)) || ((Nk==8) && (Nr==14))$(idx>=1) && (idx<=10)$src/AESNI.c$src/AESNI.c
                                                                                                                                                                                                      • API String ID: 4292997394-722309440
                                                                                                                                                                                                      • Opcode ID: d39dd8ff127fcd6812d8991013f514968d842da6ae2888197d778fac17dca971
                                                                                                                                                                                                      • Instruction ID: a059a413e424ebc6a5f55ea89ed1613c2d27f64f365b0b312f343935d54a9bc6
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d39dd8ff127fcd6812d8991013f514968d842da6ae2888197d778fac17dca971
                                                                                                                                                                                                      • Instruction Fuzzy Hash: CB61D272F086C782EB24AB24E460AB97390FB95744F414331CA7D2B6D9EE7CE585C700
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1786050425.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.1785941435.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1786082771.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1786109346.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1786109346.00007FF77C671000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1786251212.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CurrentProcess
                                                                                                                                                                                                      • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                      • API String ID: 2050909247-3659356012
                                                                                                                                                                                                      • Opcode ID: de8e61ec69997f11b469c92c7e882d5c70667b0ffac99a6e4ea54993eceeeb84
                                                                                                                                                                                                      • Instruction ID: 3df8b116d815d9678d17537c549c6dcb0a4c7630eb520bb13e888315c66f08a2
                                                                                                                                                                                                      • Opcode Fuzzy Hash: de8e61ec69997f11b469c92c7e882d5c70667b0ffac99a6e4ea54993eceeeb84
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 27416263B3855241EB12FB12A8815BBE396BF8DB84FD44431ED4C87795DE3CE2458760
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetTempPathW.KERNEL32(?,?,00000000,00007FF77C633CBB), ref: 00007FF77C6388F4
                                                                                                                                                                                                      • GetCurrentProcessId.KERNEL32(?,00000000,00007FF77C633CBB), ref: 00007FF77C6388FA
                                                                                                                                                                                                      • CreateDirectoryW.KERNEL32(?,00000000,00007FF77C633CBB), ref: 00007FF77C63893C
                                                                                                                                                                                                        • Part of subcall function 00007FF77C638A20: GetEnvironmentVariableW.KERNEL32(00007FF77C63388E), ref: 00007FF77C638A57
                                                                                                                                                                                                        • Part of subcall function 00007FF77C638A20: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF77C638A79
                                                                                                                                                                                                        • Part of subcall function 00007FF77C6482A8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF77C6482C1
                                                                                                                                                                                                        • Part of subcall function 00007FF77C632810: MessageBoxW.USER32 ref: 00007FF77C6328EA
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1786050425.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.1785941435.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1786082771.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1786109346.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1786109346.00007FF77C671000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1786251212.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Environment$CreateCurrentDirectoryExpandMessagePathProcessStringsTempVariable_invalid_parameter_noinfo
                                                                                                                                                                                                      • String ID: LOADER: failed to set the TMP environment variable.$LOADER: length of teporary directory path exceeds maximum path length!$TMP$TMP$_MEI%d
                                                                                                                                                                                                      • API String ID: 3563477958-1339014028
                                                                                                                                                                                                      • Opcode ID: 6ea14b1c2d16789ddeaa0d8cc05df9935aa6d91fa7ad17376743f3d33dced37a
                                                                                                                                                                                                      • Instruction ID: 3e306fa1590a24d5078505c44ce94abca282e781c9ed829ea387d64cd84a1fc2
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6ea14b1c2d16789ddeaa0d8cc05df9935aa6d91fa7ad17376743f3d33dced37a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: EE417313A3864245EB52BB25A9D51FB9292AF8CB80FD04132EE0DD66D6DD3CE6048320
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • ERR_new.LIBCRYPTO-3(?,00007FFE014235ED,?,?,?,?,00000000,?,?,?,00007FFE01426DB6), ref: 00007FFE01423C4E
                                                                                                                                                                                                      • ERR_set_debug.LIBCRYPTO-3(?,00007FFE014235ED,?,?,?,?,00000000,?,?,?,00007FFE01426DB6), ref: 00007FFE01423C66
                                                                                                                                                                                                      • ERR_new.LIBCRYPTO-3(?,00007FFE014235ED,?,?,?,?,00000000,?,?,?,00007FFE01426DB6), ref: 00007FFE01423CD6
                                                                                                                                                                                                      • ERR_set_debug.LIBCRYPTO-3(?,00007FFE014235ED,?,?,?,?,00000000,?,?,?,00007FFE01426DB6), ref: 00007FFE01423CEE
                                                                                                                                                                                                      • ERR_new.LIBCRYPTO-3(?,00007FFE014235ED,?,?,?,?,00000000,?,?,?,00007FFE01426DB6), ref: 00007FFE01423D1D
                                                                                                                                                                                                      • ERR_set_debug.LIBCRYPTO-3(?,00007FFE014235ED,?,?,?,?,00000000,?,?,?,00007FFE01426DB6), ref: 00007FFE01423D35
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791490726.00007FFE013B0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791517135.00007FFE01433000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791623570.00007FFE01435000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791687277.00007FFE0145D000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791713879.00007FFE01462000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791713879.00007FFE01468000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791713879.00007FFE01470000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffe013b0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: R_newR_set_debug
                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\statem_srvr.c$create_ticket_prequel
                                                                                                                                                                                                      • API String ID: 193678381-2110699330
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: O_ctrlR_newR_set_debugmemmove
                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\statem_lib.c$TLS 1.3, client CertificateVerify$TLS 1.3, server CertificateVerify$get_cert_verify_tbs_data
                                                                                                                                                                                                      • API String ID: 2906031378-3760622993
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: L_sk_num$L_sk_value
                                                                                                                                                                                                      • String ID: ..\s\ssl\ssl_lib.c$SSL_set_cipher_list
                                                                                                                                                                                                      • API String ID: 1603723057-1252523853
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1786050425.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                                      • String ID: csm$csm$csm
                                                                                                                                                                                                      • API String ID: 849930591-393685449
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • FreeLibrary.KERNEL32(?,?,?,00007FF77C64F11A,?,?,0000023D1BF99B38,00007FF77C64ADC3,?,?,?,00007FF77C64ACBA,?,?,?,00007FF77C645FAE), ref: 00007FF77C64EEFC
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,?,?,00007FF77C64F11A,?,?,0000023D1BF99B38,00007FF77C64ADC3,?,?,?,00007FF77C64ACBA,?,?,?,00007FF77C645FAE), ref: 00007FF77C64EF08
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1786050425.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                      • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                      • API String ID: 3013587201-537541572
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF77C633706,?,00007FF77C633804), ref: 00007FF77C632C9E
                                                                                                                                                                                                      • FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF77C633706,?,00007FF77C633804), ref: 00007FF77C632D63
                                                                                                                                                                                                      • MessageBoxW.USER32 ref: 00007FF77C632D99
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1786050425.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Message$CurrentFormatProcess
                                                                                                                                                                                                      • String ID: %ls: $<FormatMessageW failed.>$Error$[PYI-%d:ERROR]
                                                                                                                                                                                                      • API String ID: 3940978338-251083826
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: R_new$R_set_debug
                                                                                                                                                                                                      • String ID: ..\s\ssl\record\ssl3_record.c$early_data_count_ok
                                                                                                                                                                                                      • API String ID: 476316267-4150192623
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: R_new$R_set_debug
                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\extensions_clnt.c$tls_parse_stoc_maxfragmentlen
                                                                                                                                                                                                      • API String ID: 476316267-2494698823
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: L_sk_numL_sk_valueR_newR_set_debugR_set_error
                                                                                                                                                                                                      • String ID: ..\s\ssl\ssl_lib.c$ct_strict
                                                                                                                                                                                                      • API String ID: 2392307641-4060112342
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Key_exPrivateR_newR_set_debugR_set_errorY_freed2i_
                                                                                                                                                                                                      • String ID: ..\s\ssl\ssl_rsa.c$SSL_CTX_use_PrivateKey_ASN1
                                                                                                                                                                                                      • API String ID: 3030233885-1502814970
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: O_clear_flagsO_get_dataO_set_flagsO_set_retry_reason
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3836630899-0
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: L_sk_num$L_sk_findL_sk_valueL_strnlenmemmove
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 779716121-0
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffe013b0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: O_ctrlX_get0_cipher$D_get_sizeR_get_flagsR_get_modeR_newR_set_debugX_get0_mdX_get_block_sizememmove
                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\statem_dtls.c$dtls1_retransmit_message
                                                                                                                                                                                                      • API String ID: 2736015689-3409696843
                                                                                                                                                                                                      • Opcode ID: 2f7cf66fc46072f6138dfe70ca00b8ca3d4b9b2d2993464c1367226c181939db
                                                                                                                                                                                                      • Instruction ID: c24e4dddcbc880726e5a816bea65086aae03a554e1decf963ef0c88191842287
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2f7cf66fc46072f6138dfe70ca00b8ca3d4b9b2d2993464c1367226c181939db
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 12619A32604B8492E794DB26E490AAE77A8FB88B94F414136EF9C47761DF3CD4A1C740
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1787017206.00007FFDFAAF1000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FFDFAAF0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfaaf0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Arg_ArgumentFromStringSubtypeType_Unicode_
                                                                                                                                                                                                      • String ID: a unicode character$argument$category
                                                                                                                                                                                                      • API String ID: 1318908108-2068800536
                                                                                                                                                                                                      • Opcode ID: 75ddb3696b46489ca6549d465876fca1f165cfd7b87c949410c65a543f1dc5fb
                                                                                                                                                                                                      • Instruction ID: 613a0fc4c705bacdc42c8b6e3f2b4a005c90ca19752add28095c2721f5c9f1ce
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 75ddb3696b46489ca6549d465876fca1f165cfd7b87c949410c65a543f1dc5fb
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0C51C462B18BC681EB5D8B05D470AB873A1EF94B84F440075DAAF877D8DF2CE85AD350
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1787017206.00007FFDFAAF1000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FFDFAAF0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfaaf0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Arg_ArgumentFromStringSubtypeType_Unicode_
                                                                                                                                                                                                      • String ID: a unicode character$argument$bidirectional
                                                                                                                                                                                                      • API String ID: 1318908108-2110215792
                                                                                                                                                                                                      • Opcode ID: 6f7a0223ee0090118d1ffdd6d95c782b73d4ddee4bbf01c7b704a6e76ba36895
                                                                                                                                                                                                      • Instruction ID: c434d39723861dbdfe3860f0a362bdd45587757269ee470ed0a4f48acc8c9a59
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6f7a0223ee0090118d1ffdd6d95c782b73d4ddee4bbf01c7b704a6e76ba36895
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9741B162B18BC281EF5D8B15C475B7933A1EF44790F841079DA6F876C8CF2DE89A8354
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffe013b0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: R_newR_set_debug
                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\extensions_cust.c$custom_ext_parse
                                                                                                                                                                                                      • API String ID: 193678381-2402109875
                                                                                                                                                                                                      • Opcode ID: 2157215991b731237227d426bc36b46e76949bafcfdcd6ddbc723cecc6a7bf4f
                                                                                                                                                                                                      • Instruction ID: 93b006c32ae7d98e76ef93f261c1cc7367de4001a04e688fbea8319f10ac7c1d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2157215991b731237227d426bc36b46e76949bafcfdcd6ddbc723cecc6a7bf4f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C241D331A1D64282E7619F66E4406BD33A1FB84B85F184039DE8D4BBB4DE3CEC51C741
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • LoadLibraryExW.KERNEL32(?,?,?,00007FF77C63DFEA,?,?,?,00007FF77C63DCDC,?,?,?,00007FF77C63D8D9), ref: 00007FF77C63DDBD
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,00007FF77C63DFEA,?,?,?,00007FF77C63DCDC,?,?,?,00007FF77C63D8D9), ref: 00007FF77C63DDCB
                                                                                                                                                                                                      • LoadLibraryExW.KERNEL32(?,?,?,00007FF77C63DFEA,?,?,?,00007FF77C63DCDC,?,?,?,00007FF77C63D8D9), ref: 00007FF77C63DDF5
                                                                                                                                                                                                      • FreeLibrary.KERNEL32(?,?,?,00007FF77C63DFEA,?,?,?,00007FF77C63DCDC,?,?,?,00007FF77C63D8D9), ref: 00007FF77C63DE63
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,?,?,00007FF77C63DFEA,?,?,?,00007FF77C63DCDC,?,?,?,00007FF77C63D8D9), ref: 00007FF77C63DE6F
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1786050425.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                      • String ID: api-ms-
                                                                                                                                                                                                      • API String ID: 2559590344-2084034818
                                                                                                                                                                                                      • Opcode ID: 7dacba43e0eeea41cb86842b35fa5572bc178a215ab50afad80fbb9160df823c
                                                                                                                                                                                                      • Instruction ID: 7c1395ff52bb0383653c103124299ef6361d0c6233014f41a5557aa0bc79997d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7dacba43e0eeea41cb86842b35fa5572bc178a215ab50afad80fbb9160df823c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: B0317022B3A64291EF13BB02A880576A795FF5CBA4F994535EE1D87384EF3CE4458324
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffe013b0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: O_clear_flagsO_set_flags
                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\statem_clnt.c$ossl_statem_client_read_transition
                                                                                                                                                                                                      • API String ID: 3946675294-211585089
                                                                                                                                                                                                      • Opcode ID: 8ba2f46f0b448aa90e311d12c01b0859db567b14347f702688f6da89933cb1a1
                                                                                                                                                                                                      • Instruction ID: 2ae0c823389f6aad37d0208c2c218086557bcb823b43b4792c02cfc4f025daab
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8ba2f46f0b448aa90e311d12c01b0859db567b14347f702688f6da89933cb1a1
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 91318172B0854286EB54DB25E4D47BC2792EB88B84F594431EB0D8F7B6DE2DE5C28700
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791490726.00007FFE013B0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791517135.00007FFE01433000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791623570.00007FFE01435000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791687277.00007FFE0145D000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791713879.00007FFE01462000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791713879.00007FFE01468000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791713879.00007FFE01470000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffe013b0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: R_newR_set_debug
                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\statem_srvr.c$tls_construct_server_certificate
                                                                                                                                                                                                      • API String ID: 193678381-3740638300
                                                                                                                                                                                                      • Opcode ID: e128bf10da1aeeeade1038166650ca6bd724d7b72962b563d6b415c8766d8291
                                                                                                                                                                                                      • Instruction ID: 6edb640dc023d005bdc60548d5be920c9c568d56621b9eecde8b827e17e5cf1c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e128bf10da1aeeeade1038166650ca6bd724d7b72962b563d6b415c8766d8291
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 65219631F1C68282E754D726E8906AD6750EFA4BC4F884035EE4D8BBB6DE2CE5C6C701
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791490726.00007FFE013B0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791517135.00007FFE01433000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791623570.00007FFE01435000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791687277.00007FFE0145D000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791713879.00007FFE01462000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791713879.00007FFE01468000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791713879.00007FFE01470000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffe013b0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: R_newR_set_debug
                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\statem_srvr.c$dtls_construct_hello_verify_request
                                                                                                                                                                                                      • API String ID: 193678381-1802759638
                                                                                                                                                                                                      • Opcode ID: bc86a8f039aea719a0fc61957b91765e84f4fab7c35ae9e5c11263e1b859cb23
                                                                                                                                                                                                      • Instruction ID: 422de3a6d4978066d0f93a873c29d14d0efdf01375a3674f8ed7caa0d6b55390
                                                                                                                                                                                                      • Opcode Fuzzy Hash: bc86a8f039aea719a0fc61957b91765e84f4fab7c35ae9e5c11263e1b859cb23
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0A317F31B1868281E7509B55E851BFE2665EF98BC4F880036EB4D4BBB6DF2DE5818701
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetCurrentProcessId.KERNEL32(00000000,?,?,?,00000000,00007FF77C63351A,?,00000000,00007FF77C633F23), ref: 00007FF77C632AA0
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1786050425.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.1785941435.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1786082771.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1786109346.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1786109346.00007FF77C671000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1786251212.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CurrentProcess
                                                                                                                                                                                                      • String ID: 0$WARNING$Warning$Warning [ANSI Fallback]$[PYI-%d:%s]
                                                                                                                                                                                                      • API String ID: 2050909247-2900015858
                                                                                                                                                                                                      • Opcode ID: 2c88a21be5af21f56a68c86fdca39687fee9058fd376c6caa55945c458c4d180
                                                                                                                                                                                                      • Instruction ID: 0c7eaf926f917a2dc6b1bdf557cbfa568e0ea31aca9bcd9739f1c98dfa5c6bc4
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2c88a21be5af21f56a68c86fdca39687fee9058fd376c6caa55945c458c4d180
                                                                                                                                                                                                      • Instruction Fuzzy Hash: BC217F73B38B8192E722EB51B8817E7A395BB88784F800132FE8C93659DF3CD2458650
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1786050425.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.1785941435.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1786082771.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1786109346.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1786109346.00007FF77C671000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1786251212.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 995526605-0
                                                                                                                                                                                                      • Opcode ID: 1e3bf3a8b1345e2c0c0bdd6ff4e06add0bb9355989cc78c5a669156b3459c754
                                                                                                                                                                                                      • Instruction ID: 868ca856f451a2f1b2052b18092ee8553e4219f53cd6ed36ec3068dd8b33fd62
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1e3bf3a8b1345e2c0c0bdd6ff4e06add0bb9355989cc78c5a669156b3459c754
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 38214422B2864241EB51AB55B49427BE7A2EBCDBA0F900235EA6D836E4DE7CD4448710
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1786050425.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.1785941435.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1786082771.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1786109346.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1786109346.00007FF77C671000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1786251212.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Value$ErrorLast
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2506987500-0
                                                                                                                                                                                                      • Opcode ID: 64d992c46ee3b7395fe78fb810fe312dfe396e54660f00f57cdb80144ae96788
                                                                                                                                                                                                      • Instruction ID: 10ad2220ca5c5e41b241893cb13ff3311d6c512e72b1bfdc0d6b04a16c043729
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 64d992c46ee3b7395fe78fb810fe312dfe396e54660f00f57cdb80144ae96788
                                                                                                                                                                                                      • Instruction Fuzzy Hash: AF213626A3C60241FB5A77A196E113FF1535F8CBA0F944634DD3E8AAD6DE2CA7018321
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1786050425.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.1785941435.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1786082771.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1786109346.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1786109346.00007FF77C671000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1786251212.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                                      • String ID: CONOUT$
                                                                                                                                                                                                      • API String ID: 3230265001-3130406586
                                                                                                                                                                                                      • Opcode ID: 5493e4d9a44aaf731d1a805f3958d18bb0ed212be4b6a830fa2bcaabe5bc997c
                                                                                                                                                                                                      • Instruction ID: f73039f58a69863f39feb8ae68b61f6f28157fd86224e2d3a971d63c839ef94b
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5493e4d9a44aaf731d1a805f3958d18bb0ed212be4b6a830fa2bcaabe5bc997c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3A117222738B4186E351AB52B89433AB3A1BB8CBE4F900234DE5DC7794DF3CD9048750
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyArg_CheckPositional.PYTHON312 ref: 00007FFDFAAF3607
                                                                                                                                                                                                      • _PyArg_BadArgument.PYTHON312 ref: 00007FFDFAAF363A
                                                                                                                                                                                                        • Part of subcall function 00007FFDFAAF11B0: PyUnicode_CompareWithASCIIString.PYTHON312 ref: 00007FFDFAAF11E2
                                                                                                                                                                                                        • Part of subcall function 00007FFDFAAF11B0: PyUnicode_CompareWithASCIIString.PYTHON312 ref: 00007FFDFAAF11FA
                                                                                                                                                                                                        • Part of subcall function 00007FFDFAAF11B0: PyType_IsSubtype.PYTHON312 ref: 00007FFDFAAF121D
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1787017206.00007FFDFAAF1000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FFDFAAF0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfaaf0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Arg_CompareStringUnicode_With$ArgumentCheckPositionalSubtypeType_
                                                                                                                                                                                                      • String ID: argument 1$argument 2$normalize$str
                                                                                                                                                                                                      • API String ID: 4101545800-1320425463
                                                                                                                                                                                                      • Opcode ID: 2dbf24b9019d36270aeee854f5eb720b9aec5d3fd397e623ab08701816bde558
                                                                                                                                                                                                      • Instruction ID: 6eab9f815c14655d0df698b7e586e9264d11c8b57386f924556d96b004805dca
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2dbf24b9019d36270aeee854f5eb720b9aec5d3fd397e623ab08701816bde558
                                                                                                                                                                                                      • Instruction Fuzzy Hash: DC117360B08BC290EB5C8B55E8A4AB57360AF04FC4F898075D93D0B3D8DF2CD54AC310
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffe013b0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: R_newR_set_debugR_set_errorY_get0_group
                                                                                                                                                                                                      • String ID: ..\s\ssl\tls_depr.c$ssl_set_tmp_ecdh_groups
                                                                                                                                                                                                      • API String ID: 2690379533-3926364423
                                                                                                                                                                                                      • Opcode ID: 45eab686c58ca8c81eac5e29737392f2cac606e5fed72d4ccbde05fd96734503
                                                                                                                                                                                                      • Instruction ID: cf947b9a5a067997dcd0a04dfbc61c24723c4f8a6b809a61205620ffdd4d8af8
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 45eab686c58ca8c81eac5e29737392f2cac606e5fed72d4ccbde05fd96734503
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E1018F21F1828281EB90E765F9516BD5261EF987C4F950031EA0D8BBF6EE2CE4818701
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1787017206.00007FFDFAAF1000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FFDFAAF0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfaaf0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Arg_$ArgumentCheckPositional
                                                                                                                                                                                                      • String ID: argument 1$argument 2$is_normalized$str
                                                                                                                                                                                                      • API String ID: 3876575403-184702317
                                                                                                                                                                                                      • Opcode ID: a144f24e6de5b7cccd567b51e7b194ed070cb538066fb7292dbf1d4aae94f326
                                                                                                                                                                                                      • Instruction ID: ce7f50a2e0c28dd7dca81295b74ce15a10c5df745183d8072163ecf08b27be1a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a144f24e6de5b7cccd567b51e7b194ed070cb538066fb7292dbf1d4aae94f326
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0E015B64B087C695EB5C8B56E8B0EB53360AB05FC4F9880B2D92D076DCDE2CD58AC300
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffe013b0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: R_newR_set_debug
                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\extensions_srvr.c$tls_parse_ctos_early_data
                                                                                                                                                                                                      • API String ID: 193678381-408386505
                                                                                                                                                                                                      • Opcode ID: d44309eef682da9d3054615f906b799589b390c34b3700588ac08bad1ac7d1b8
                                                                                                                                                                                                      • Instruction ID: f52b5050db0531d2afac5adf2f856223a055a06928b3bf141e6a778ca6f35146
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d44309eef682da9d3054615f906b799589b390c34b3700588ac08bad1ac7d1b8
                                                                                                                                                                                                      • Instruction Fuzzy Hash: AE018C75E2A542A3F351A7A1E8853FC2251EF94344FD80039D50C8E6F2EE3CAAC28605
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffe013b0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: R_newR_set_debugR_set_errorY_get0_group
                                                                                                                                                                                                      • String ID: ..\s\ssl\tls_depr.c$ssl_set_tmp_ecdh_groups
                                                                                                                                                                                                      • API String ID: 2690379533-3926364423
                                                                                                                                                                                                      • Opcode ID: 291af4b9b06ec7a0131e858965ad59492d26e6a0a040c0f7e202aca72186f2bc
                                                                                                                                                                                                      • Instruction ID: 7958d93e95bba07faadc6054011941074410533967633c24c1375bee36827eea
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 291af4b9b06ec7a0131e858965ad59492d26e6a0a040c0f7e202aca72186f2bc
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2FF08225F2818652E794A3A0E8526BD5252DF98384FD54431EA0C8BFF7EE3CE8964643
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1787290190.00007FFDFAC11000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAC10000, based on PE: true
• Associated: 00000001.00000002.1787270770.00007FFDFAC10000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000001.00000002.1787400841.00007FFDFAD3E000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000001.00000002.1787438247.00007FFDFAD6B000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000001.00000002.1787459973.00007FFDFAD70000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfac10000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: memcpy
                                                                                                                                                                                                      • String ID: 831d0fb2836b71c9bc51067c49fee4b8f18047814f2ff22d817d25195cf350b0$cannot open savepoint - SQL statements in progress$cannot release savepoint - SQL statements in progress$no such savepoint: %s$statement aborts at %d: [%s] %s
                                                                                                                                                                                                      • API String ID: 3510742995-2526444651
                                                                                                                                                                                                      • Opcode ID: c9d744cff9dc738ede1e2a386e920d6a7cb1c7740c9bf092cb904dc52b4c502a
                                                                                                                                                                                                      • Instruction ID: a2562b6fe83c2dfb98b8ac3ea86735798abd4f7ac207b2992dbf28c43bb55bb9
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c9d744cff9dc738ede1e2a386e920d6a7cb1c7740c9bf092cb904dc52b4c502a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6AF1DD3AB0869785EB68CF1AD064A7E6BA4FB85B84F010071DE6D577D9CE3CE941CB40
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • unknown column "%s" in foreign key definition, xrefs: 00007FFDFAC737CC
                                                                                                                                                                                                      • foreign key on %s should reference only one column of table %T, xrefs: 00007FFDFAC734B5
                                                                                                                                                                                                      • number of columns in foreign key does not match the number of columns in the referenced table, xrefs: 00007FFDFAC734DE
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1787290190.00007FFDFAC11000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAC10000, based on PE: true
• Associated: 00000001.00000002.1787270770.00007FFDFAC10000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000001.00000002.1787400841.00007FFDFAD3E000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000001.00000002.1787438247.00007FFDFAD6B000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000001.00000002.1787459973.00007FFDFAD70000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfac10000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: memcpy$memset
                                                                                                                                                                                                      • String ID: foreign key on %s should reference only one column of table %T$number of columns in foreign key does not match the number of columns in the referenced table$unknown column "%s" in foreign key definition
                                                                                                                                                                                                      • API String ID: 438689982-272990098
                                                                                                                                                                                                      • Opcode ID: d33b407a10e7d0ad13c26d0ca43705fecfafde5626fadbf1de958564b7d48643
                                                                                                                                                                                                      • Instruction ID: 5bf8cd7d9397ab7af062f2847d2ea43ea38f9d452867bafd86f250d4b5409976
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d33b407a10e7d0ad13c26d0ca43705fecfafde5626fadbf1de958564b7d48643
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E5D1F26AB09B8682EB698B15A464EBD3BA1FB44BC4F4441B2DE6D077C9DF3CE441C300
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1787290190.00007FFDFAC11000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAC10000, based on PE: true
• Associated: 00000001.00000002.1787270770.00007FFDFAC10000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000001.00000002.1787400841.00007FFDFAD3E000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000001.00000002.1787438247.00007FFDFAD6B000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000001.00000002.1787459973.00007FFDFAD70000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfac10000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: memcpy
                                                                                                                                                                                                      • String ID: %s at line %d of [%.10s]$831d0fb2836b71c9bc51067c49fee4b8f18047814f2ff22d817d25195cf350b0$API called with NULL prepared statement$API called with finalized prepared statement$misuse
                                                                                                                                                                                                      • API String ID: 3510742995-774319783
                                                                                                                                                                                                      • Opcode ID: c1f2e72d02041f634680d4dfe94196d23bd266405e708ce222b3484ffe9b10a2
                                                                                                                                                                                                      • Instruction ID: 7c57ebc0cdebe62e58d14cbf00e2da63269608fe39a639acdfb9066a43d6b9bb
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c1f2e72d02041f634680d4dfe94196d23bd266405e708ce222b3484ffe9b10a2
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 73E15126F09BC681E7158F28D5147BC6360FBA9B48F149275DFAC1769AEF38E2D58300
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(?,?,?,00000000,00007FF77C639216), ref: 00007FF77C638592
                                                                                                                                                                                                      • K32EnumProcessModules.KERNEL32(?,?,00000000,00007FF77C639216), ref: 00007FF77C6385E9
                                                                                                                                                                                                        • Part of subcall function 00007FF77C639400: MultiByteToWideChar.KERNEL32(?,?,?,00007FF77C6345E4,00000000,00007FF77C631985), ref: 00007FF77C639439
                                                                                                                                                                                                      • K32GetModuleFileNameExW.KERNEL32(?,?,00000000,00007FF77C639216), ref: 00007FF77C638678
                                                                                                                                                                                                      • K32GetModuleFileNameExW.KERNEL32(?,?,00000000,00007FF77C639216), ref: 00007FF77C6386E4
                                                                                                                                                                                                      • FreeLibrary.KERNEL32(?,?,00000000,00007FF77C639216), ref: 00007FF77C6386F5
                                                                                                                                                                                                      • FreeLibrary.KERNEL32(?,?,00000000,00007FF77C639216), ref: 00007FF77C63870A
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1786050425.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
• Associated: 00000001.00000002.1785941435.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1786082771.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1786109346.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1786109346.00007FF77C671000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1786251212.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FileFreeLibraryModuleNameProcess$ByteCharCurrentEnumModulesMultiWide
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3462794448-0
                                                                                                                                                                                                      • Opcode ID: b2770b171440e78660be4c91fda42c27049aa369c6710ced6bdf6821ec2ad01d
                                                                                                                                                                                                      • Instruction ID: 28527531bd5f85a04fb5933b420b89bcca8cf4e0eab7c35c7a94e4ab62da60cb
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b2770b171440e78660be4c91fda42c27049aa369c6710ced6bdf6821ec2ad01d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: FB419363B3868241EB71AB11A5846ABA3A6FF8CBD4F840136DF4D97785DE3CD501C720
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1789715337.00007FFDFF3F1000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FFDFF3F0000, based on PE: true
• Associated: 00000001.00000002.1789684258.00007FFDFF3F0000.00000002.00000001.01000000.0000003C.sdmp
• Associated: 00000001.00000002.1789751805.00007FFDFF3F3000.00000002.00000001.01000000.0000003C.sdmp
• Associated: 00000001.00000002.1789778567.00007FFDFF3F4000.00000004.00000001.01000000.0000003C.sdmp
• Associated: 00000001.00000002.1789802581.00007FFDFF3F5000.00000002.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdff3f0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _aligned_free_aligned_malloc$callocfree
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2511558924-0
                                                                                                                                                                                                      • Opcode ID: 8fb2105fd7c39bf321232f7441f6f1b7ebcf620c9448f78960a77339e4ca462d
                                                                                                                                                                                                      • Instruction ID: 9c9735ede31ce1d41363b41e322f2e1266c6350b663233bf94348b6b1f177b40
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8fb2105fd7c39bf321232f7441f6f1b7ebcf620c9448f78960a77339e4ca462d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 35414F66B09B8283EB19EB41E46063963E0FF54B90F484631DE6E4B7D8EF7CE8558300
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
• Associated: 00000001.00000002.1791490726.00007FFE013B0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1791517135.00007FFE01433000.00000020.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1791623570.00007FFE01435000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1791687277.00007FFE0145D000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1791713879.00007FFE01462000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1791713879.00007FFE01468000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1791713879.00007FFE01470000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffe013b0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: D_fetchD_freeD_get0_providerE_finishJ_nid2snR_pop_to_markR_set_mark
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3757542325-0
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 00007FF77C638760: GetCurrentProcess.KERNEL32 ref: 00007FF77C638780
                                                                                                                                                                                                        • Part of subcall function 00007FF77C638760: OpenProcessToken.ADVAPI32 ref: 00007FF77C638793
                                                                                                                                                                                                        • Part of subcall function 00007FF77C638760: GetTokenInformation.ADVAPI32 ref: 00007FF77C6387B8
                                                                                                                                                                                                        • Part of subcall function 00007FF77C638760: GetLastError.KERNEL32 ref: 00007FF77C6387C2
                                                                                                                                                                                                        • Part of subcall function 00007FF77C638760: GetTokenInformation.ADVAPI32 ref: 00007FF77C638802
                                                                                                                                                                                                        • Part of subcall function 00007FF77C638760: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF77C63881E
                                                                                                                                                                                                        • Part of subcall function 00007FF77C638760: CloseHandle.KERNEL32 ref: 00007FF77C638836
                                                                                                                                                                                                      • LocalFree.KERNEL32(?,00007FF77C633C55), ref: 00007FF77C63916C
                                                                                                                                                                                                      • LocalFree.KERNEL32(?,00007FF77C633C55), ref: 00007FF77C639175
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1786050425.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Token$FreeInformationLocalProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                      • String ID: D:(A;;FA;;;%s)$D:(A;;FA;;;%s)(A;;FA;;;%s)$S-1-3-4$Security descriptor string length exceeds PYI_PATH_MAX!
                                                                                                                                                                                                      • API String ID: 6828938-1529539262
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffe013b0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: O_next$O_free_all$O_up_ref
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1216991848-0
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,00007FF77C644F81,?,?,?,?,00007FF77C64A4FA,?,?,?,?,00007FF77C6471FF), ref: 00007FF77C64B347
                                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF77C644F81,?,?,?,?,00007FF77C64A4FA,?,?,?,?,00007FF77C6471FF), ref: 00007FF77C64B37D
                                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF77C644F81,?,?,?,?,00007FF77C64A4FA,?,?,?,?,00007FF77C6471FF), ref: 00007FF77C64B3AA
                                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF77C644F81,?,?,?,?,00007FF77C64A4FA,?,?,?,?,00007FF77C6471FF), ref: 00007FF77C64B3BB
                                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF77C644F81,?,?,?,?,00007FF77C64A4FA,?,?,?,?,00007FF77C6471FF), ref: 00007FF77C64B3CC
                                                                                                                                                                                                      • SetLastError.KERNEL32(?,?,?,00007FF77C644F81,?,?,?,?,00007FF77C64A4FA,?,?,?,?,00007FF77C6471FF), ref: 00007FF77C64B3E7
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1786050425.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Value$ErrorLast
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2506987500-0
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF77C631B6A), ref: 00007FF77C63295E
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1786050425.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CurrentProcess
                                                                                                                                                                                                      • String ID: %s: %s$Error$Error [ANSI Fallback]$[PYI-%d:ERROR]
                                                                                                                                                                                                      • API String ID: 2050909247-2962405886
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1786050425.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                                                                                                                                                                      • String ID: Unhandled exception in script
                                                                                                                                                                                                      • API String ID: 3081866767-2699770090
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetCurrentProcessId.KERNEL32(?,00000000,00000000,FFFFFFFF,00000000,00007FF77C63918F,?,00007FF77C633C55), ref: 00007FF77C632BA0
                                                                                                                                                                                                      • MessageBoxW.USER32 ref: 00007FF77C632C2A
                                                                                                                                                                                                      Strings
Memory Dump Source
• Source File: 00000001.00000002.1786050425.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
• Associated: 00000001.00000002.1785941435.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1786082771.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1786109346.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1786109346.00007FF77C671000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1786251212.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CurrentMessageProcess
                                                                                                                                                                                                      • String ID: WARNING$Warning$[PYI-%d:%ls]
                                                                                                                                                                                                      • API String ID: 1672936522-3797743490
                                                                                                                                                                                                      • Opcode ID: 9e6d9589c2ecbe46adae8e106eadd318faf54c8367477cb0129d25f7ec3a12f1
                                                                                                                                                                                                      • Instruction ID: 711aac08c0f227ce4375ae82fe57499654687c397f11fe70bf9d22112f3eba4f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9e6d9589c2ecbe46adae8e106eadd318faf54c8367477cb0129d25f7ec3a12f1
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1921D373728B4192E712AB14F4807ABB3A5EB8C784F804132EE8D97659DF3CD205C710
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetCurrentProcessId.KERNEL32(?,00000000,00000000,?,00000000,00007FF77C631B99), ref: 00007FF77C632760
                                                                                                                                                                                                      Strings
Memory Dump Source
• Source File: 00000001.00000002.1786050425.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
• Associated: 00000001.00000002.1785941435.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1786082771.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1786109346.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1786109346.00007FF77C671000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1786251212.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CurrentProcess
                                                                                                                                                                                                      • String ID: ERROR$Error$Error [ANSI Fallback]$[PYI-%d:%s]
                                                                                                                                                                                                      • API String ID: 2050909247-1591803126
                                                                                                                                                                                                      • Opcode ID: 16defea7d45dc340f891dcb1518e5bd63c50e449678e4b46de0281de23a8290b
                                                                                                                                                                                                      • Instruction ID: 8e80d50c27a1b9f8f1a4797e9bf0ce19e3fa21fd2c4b938532dde35ea3163f2a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 16defea7d45dc340f891dcb1518e5bd63c50e449678e4b46de0281de23a8290b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 17217F73B38B8192E721EB50B8817E7A3A5AB8C384F800132FE8D93659DF3CD2458750
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
Memory Dump Source
• Source File: 00000001.00000002.1787017206.00007FFDFAAF1000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FFDFAAF0000, based on PE: true
• Associated: 00000001.00000002.1786994843.00007FFDFAAF0000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000001.00000002.1787038304.00007FFDFAAF5000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000001.00000002.1787038304.00007FFDFAB52000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000001.00000002.1787038304.00007FFDFAB9E000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000001.00000002.1787038304.00007FFDFABA2000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000001.00000002.1787038304.00007FFDFABA7000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000001.00000002.1787038304.00007FFDFABFF000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000001.00000002.1787230849.00007FFDFAC02000.00000004.00000001.01000000.0000001A.sdmp
• Associated: 00000001.00000002.1787251719.00007FFDFAC04000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfaaf0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Arg_ArgumentSubtypeType_
                                                                                                                                                                                                      • String ID: a unicode character$argument$east_asian_width
                                                                                                                                                                                                      • API String ID: 1522575347-3913127203
                                                                                                                                                                                                      • Opcode ID: f8fe7d2390cefcda47379d0bc21b213a30bcd05f20e1989e4018474eb32f17be
                                                                                                                                                                                                      • Instruction ID: a81deaf7791ddda4e0716f827403acd90be438cd2b95ddc16d2825c6156bbd0b
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f8fe7d2390cefcda47379d0bc21b213a30bcd05f20e1989e4018474eb32f17be
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A3218E65F0CBC282EB5C8B51D460A7877A5EB45B80F8480B1D66E037ECDF2CE59A8740
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
Memory Dump Source
• Source File: 00000001.00000002.1787017206.00007FFDFAAF1000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FFDFAAF0000, based on PE: true
• Associated: 00000001.00000002.1786994843.00007FFDFAAF0000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000001.00000002.1787038304.00007FFDFAAF5000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000001.00000002.1787038304.00007FFDFAB52000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000001.00000002.1787038304.00007FFDFAB9E000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000001.00000002.1787038304.00007FFDFABA2000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000001.00000002.1787038304.00007FFDFABA7000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000001.00000002.1787038304.00007FFDFABFF000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000001.00000002.1787230849.00007FFDFAC02000.00000004.00000001.01000000.0000001A.sdmp
• Associated: 00000001.00000002.1787251719.00007FFDFAC04000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfaaf0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: DoubleErr_Float_FromNumericStringSubtypeType_Unicode_
                                                                                                                                                                                                      • String ID: not a numeric character
                                                                                                                                                                                                      • API String ID: 1034370217-2058156748
                                                                                                                                                                                                      • Opcode ID: 7ac3b2fdf3478d2374b08fe415c3a12b63c61252479e25d1cab849eb02e47f53
                                                                                                                                                                                                      • Instruction ID: 7c15745146ee458071dce6f4d503d070d0b53e3cde0e5359bd8e9fbd6489cda1
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7ac3b2fdf3478d2374b08fe415c3a12b63c61252479e25d1cab849eb02e47f53
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 23214F21F08BC382EB5E8B26D43093877A4AF44B98F1591B0C93E566DCDF2CE44B8740
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
Memory Dump Source
• Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
• Associated: 00000001.00000002.1791490726.00007FFE013B0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1791517135.00007FFE01433000.00000020.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1791623570.00007FFE01435000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1791687277.00007FFE0145D000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1791713879.00007FFE01462000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1791713879.00007FFE01468000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1791713879.00007FFE01470000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffe013b0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: O_indentO_printf
                                                                                                                                                                                                      • String ID: %s=0x%x (%s)$cookie$server_version
                                                                                                                                                                                                      • API String ID: 1860387303-2821402668
                                                                                                                                                                                                      • Opcode ID: 327565793ca1c70e8e8da8d0183750875db6904d42ff28b73fd3c334f791fb44
                                                                                                                                                                                                      • Instruction ID: d45ab0ee0e8725818103bb8ad41071dc06c7f6b9689a5ac2b4b9295ef471bf8f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 327565793ca1c70e8e8da8d0183750875db6904d42ff28b73fd3c334f791fb44
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9211C162B0C79142EB119B98E0040BAB392EF907A4F554232D96D1F6F9DE3DD582C314
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
Memory Dump Source
• Source File: 00000001.00000002.1787017206.00007FFDFAAF1000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FFDFAAF0000, based on PE: true
• Associated: 00000001.00000002.1786994843.00007FFDFAAF0000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000001.00000002.1787038304.00007FFDFAAF5000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000001.00000002.1787038304.00007FFDFAB52000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000001.00000002.1787038304.00007FFDFAB9E000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000001.00000002.1787038304.00007FFDFABA2000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000001.00000002.1787038304.00007FFDFABA7000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000001.00000002.1787038304.00007FFDFABFF000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000001.00000002.1787230849.00007FFDFAC02000.00000004.00000001.01000000.0000001A.sdmp
• Associated: 00000001.00000002.1787251719.00007FFDFAC04000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfaaf0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: DecimalDigitErr_FromLongLong_StringSubtypeType_Unicode_
                                                                                                                                                                                                      • String ID: not a decimal
                                                                                                                                                                                                      • API String ID: 3750391552-3590249192
                                                                                                                                                                                                      • Opcode ID: babd95680f3a021cdbe90a8980b0a1372c723c98da362c4ed99ce49efb4cea9f
                                                                                                                                                                                                      • Instruction ID: a58688b74fa24315510f1514a26f9e3241c0772e146cafdef75f91315b9a892b
                                                                                                                                                                                                      • Opcode Fuzzy Hash: babd95680f3a021cdbe90a8980b0a1372c723c98da362c4ed99ce49efb4cea9f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 34114621B18BC782EB5D9B16D47493C77A1AF44B84F4445B0CE6E876DCDF2CE85A8300
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffe013b0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: O_ctrlR_newR_set_debug
                                                                                                                                                                                                      • String ID: ..\s\ssl\d1_lib.c$dtls1_check_timeout_num
                                                                                                                                                                                                      • API String ID: 2442628283-2777391390
                                                                                                                                                                                                      • Opcode ID: 39901f4e62ad7e000960025d007d9c30c9bf97b8169bcd8fb6b77f78ad79f457
                                                                                                                                                                                                      • Instruction ID: 9a4f4c4a3839b2077d10a29f0851844d0316c993efd762e222a08212d29d4191
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 39901f4e62ad7e000960025d007d9c30c9bf97b8169bcd8fb6b77f78ad79f457
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7D117072E1868282E790AB65D8916FC37A1EF84B40F850035DB0D4F7F1EF2CD585C614
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1787017206.00007FFDFAAF1000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FFDFAAF0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfaaf0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Arg_$ArgumentCheckPositional
                                                                                                                                                                                                      • String ID: a unicode character$argument 1$name
                                                                                                                                                                                                      • API String ID: 3876575403-4190364640
                                                                                                                                                                                                      • Opcode ID: 788619a113f5b482446816568c8a6ce6929a34ab923ea752a318f2ec33933934
                                                                                                                                                                                                      • Instruction ID: 20db92fbd703578467072b1b899554c86698884e4202af41e63ea51aebb7ce6f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 788619a113f5b482446816568c8a6ce6929a34ab923ea752a318f2ec33933934
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 62119031B08BC296EB1CAF51E4609A97360EB44B84F988076DA2D4779DCF3CE59AC300
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1787017206.00007FFDFAAF1000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FFDFAAF0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfaaf0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Arg_$ArgumentCheckPositional
                                                                                                                                                                                                      • String ID: a unicode character$argument 1$numeric
                                                                                                                                                                                                      • API String ID: 3876575403-2385192657
                                                                                                                                                                                                      • Opcode ID: bbdd109889d573d2d770b99f749a56ec45e44fab925d66d6427c2491f45a32cb
                                                                                                                                                                                                      • Instruction ID: 62ca97108de842dc9eb28051899902200f7a5fdb7e1a8dcfee4e2a158185031a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: bbdd109889d573d2d770b99f749a56ec45e44fab925d66d6427c2491f45a32cb
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 49116331B08BC296EB5C9F51E4609A97360EB44B84F984072DA2D477ADCF2DD59BC700
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1787017206.00007FFDFAAF1000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FFDFAAF0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfaaf0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Arg_$ArgumentCheckPositional
                                                                                                                                                                                                      • String ID: a unicode character$argument 1$decimal
                                                                                                                                                                                                      • API String ID: 3876575403-2474051849
                                                                                                                                                                                                      • Opcode ID: 1e4fff75323d13296d4f9873b31303b2eb894daa88b12eee96b04a04f0936518
                                                                                                                                                                                                      • Instruction ID: aab9462985f0799a3f4a4307bc53e3ae3e553f1c859cd76a0e0cf16c37a5eafe
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1e4fff75323d13296d4f9873b31303b2eb894daa88b12eee96b04a04f0936518
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 53116031B18BC296EB5CDF52E4609A97360EB44B84F984172DE2D477ADCF2CE58AC700
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1787017206.00007FFDFAAF1000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FFDFAAF0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfaaf0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Arg_ArgumentErr_Occurred
                                                                                                                                                                                                      • String ID: a unicode character$argument$mirrored
                                                                                                                                                                                                      • API String ID: 3979797681-4001128513
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1787017206.00007FFDFAAF1000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FFDFAAF0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfaaf0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Arg_ArgumentErr_Occurred
                                                                                                                                                                                                      • String ID: a unicode character$argument$combining
                                                                                                                                                                                                      • API String ID: 3979797681-4202047184
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1787017206.00007FFDFAAF1000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FFDFAAF0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfaaf0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Mem_$Capsule_Err_FreeMallocMemory
                                                                                                                                                                                                      • String ID: unicodedata._ucnhash_CAPI
                                                                                                                                                                                                      • API String ID: 3673501854-3989975041
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1786050425.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                      • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                      • API String ID: 4061214504-1276376045
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffe013b0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                      • String ID: ..\s\ssl\pqueue.c$pqueue_new
                                                                                                                                                                                                      • API String ID: 1552677711-2823724430
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffe013b0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                      • String ID: ..\s\ssl\ssl_rsa.c$SSL_CTX_use_PrivateKey
                                                                                                                                                                                                      • API String ID: 1552677711-4052895991
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791490726.00007FFE013B0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791517135.00007FFE01433000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791623570.00007FFE01435000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791687277.00007FFE0145D000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791713879.00007FFE01462000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791713879.00007FFE01468000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791713879.00007FFE01470000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffe013b0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                      • String ID: ..\s\ssl\t1_lib.c$SSL_set_tlsext_max_fragment_length
                                                                                                                                                                                                      • API String ID: 1552677711-2316233728
                                                                                                                                                                                                      • Opcode ID: 608b61db3cdf58d17971493a14c54aa8bfca0a16146cdac516a42e646ef2d706
                                                                                                                                                                                                      • Instruction ID: 92346d1afca03631c1e9cc65df3a354cd19d68ea42611468f6bc01bd5bd44c2f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 608b61db3cdf58d17971493a14c54aa8bfca0a16146cdac516a42e646ef2d706
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F0E01229E1A08187F794F364D8967ED1642DFA0301FD14031E10C4E6F2ED6DA5CB8612
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791490726.00007FFE013B0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791517135.00007FFE01433000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791623570.00007FFE01435000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791687277.00007FFE0145D000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791713879.00007FFE01462000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791713879.00007FFE01468000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791713879.00007FFE01470000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffe013b0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                      • String ID: ..\s\ssl\ssl_lib.c$ssl_undefined_function
                                                                                                                                                                                                      • API String ID: 1552677711-2204979087
                                                                                                                                                                                                      • Opcode ID: 97566e4984a999399f7175b0fee9c0cdaef0284998aed2d6b61526290154574e
                                                                                                                                                                                                      • Instruction ID: 043a854b7f74fbc8a466d4da55945df532a97a094324009b12f559c5ae3daf96
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 97566e4984a999399f7175b0fee9c0cdaef0284998aed2d6b61526290154574e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 78E01224F29452A3E394F760D8966FD1211EF94310FD04031E00C4A9F2EE2CA5868652
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791490726.00007FFE013B0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791517135.00007FFE01433000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791623570.00007FFE01435000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791687277.00007FFE0145D000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791713879.00007FFE01462000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791713879.00007FFE01468000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791713879.00007FFE01470000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffe013b0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                      • String ID: ..\s\ssl\ssl_lib.c$ssl_undefined_function
                                                                                                                                                                                                      • API String ID: 1552677711-2204979087
                                                                                                                                                                                                      • Opcode ID: 106ea3728cd96646050301ec46a3bce779a8684066028cd138f64911fd286165
                                                                                                                                                                                                      • Instruction ID: 043a854b7f74fbc8a466d4da55945df532a97a094324009b12f559c5ae3daf96
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 106ea3728cd96646050301ec46a3bce779a8684066028cd138f64911fd286165
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 78E01224F29452A3E394F760D8966FD1211EF94310FD04031E00C4A9F2EE2CA5868652
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1787290190.00007FFDFAC11000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAC10000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.1787270770.00007FFDFAC10000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1787400841.00007FFDFAD3E000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1787438247.00007FFDFAD6B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1787459973.00007FFDFAD70000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfac10000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: memcpy
                                                                                                                                                                                                      • String ID: hidden$vtable constructor called recursively: %s$vtable constructor did not declare schema: %s$vtable constructor failed: %s
                                                                                                                                                                                                      • API String ID: 3510742995-1299490920
                                                                                                                                                                                                      • Opcode ID: 2623641340c733b794af5866e5bcb4bdb6316ec65f5e7f2dcf12a73dcdb92bb2
                                                                                                                                                                                                      • Instruction ID: 0acecb21d154694bbcc4835b3afe3e53df0788889a0264df610222246f8db914
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2623641340c733b794af5866e5bcb4bdb6316ec65f5e7f2dcf12a73dcdb92bb2
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7CF1CC6AB19B8681EB588B11D460B7E77A1FB44B94F4482B1DE6D0B7D8DF3CE852C300
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1787290190.00007FFDFAC11000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAC10000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.1787270770.00007FFDFAC10000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1787400841.00007FFDFAD3E000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1787438247.00007FFDFAD6B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1787459973.00007FFDFAD70000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfac10000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: memset
                                                                                                                                                                                                      • String ID: %s at line %d of [%.10s]$831d0fb2836b71c9bc51067c49fee4b8f18047814f2ff22d817d25195cf350b0$database corruption
                                                                                                                                                                                                      • API String ID: 2221118986-3764764234
                                                                                                                                                                                                      • Opcode ID: ba5d2802316911a7491cadce116daa97ccd6123211c9d747203731b79c4598ca
                                                                                                                                                                                                      • Instruction ID: 4a6f40287b55b5378e6c26fbf5077681cf27b0904b6409e7b00aa47643ae1bda
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ba5d2802316911a7491cadce116daa97ccd6123211c9d747203731b79c4598ca
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 27D1AD367087898AD768CF25E024AAD77A8FB88B84F558076DF9D47798DF39D481C300
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1787290190.00007FFDFAC11000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAC10000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.1787270770.00007FFDFAC10000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1787400841.00007FFDFAD3E000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1787438247.00007FFDFAD6B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1787459973.00007FFDFAD70000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfac10000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: memcpy
                                                                                                                                                                                                      • String ID: %s at line %d of [%.10s]$831d0fb2836b71c9bc51067c49fee4b8f18047814f2ff22d817d25195cf350b0$database corruption
                                                                                                                                                                                                      • API String ID: 3510742995-3764764234
                                                                                                                                                                                                      • Opcode ID: 898f60ba5d30a691837549c26709609510d03b6403a49f9c5c703c2500f0ffd9
                                                                                                                                                                                                      • Instruction ID: c9a02be259be46012fe031c9919fab580dc58e2d29094830e69b744e0f9085c2
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 898f60ba5d30a691837549c26709609510d03b6403a49f9c5c703c2500f0ffd9
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E781DE7AB0878296EB58CB29D464BAD77A4FB48B84F008072DB5E477D9DF38E485C740
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1787290190.00007FFDFAC11000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAC10000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.1787270770.00007FFDFAC10000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1787400841.00007FFDFAD3E000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1787438247.00007FFDFAD6B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1787459973.00007FFDFAD70000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfac10000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: %s at line %d of [%.10s]$831d0fb2836b71c9bc51067c49fee4b8f18047814f2ff22d817d25195cf350b0$database corruption
                                                                                                                                                                                                      • API String ID: 0-3764764234
                                                                                                                                                                                                      • Opcode ID: d7bbc113d95c405dff7a55cfefdeaeb98036685461038bdd9bca21eed79271cd
                                                                                                                                                                                                      • Instruction ID: d676ec28846c67d7b7ddb7ef07cfac7317edfe78810ea39580e9d789177f350d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d7bbc113d95c405dff7a55cfefdeaeb98036685461038bdd9bca21eed79271cd
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1581E3267083D15AEB288B25D5A0ABEBBA0FB40B84F044176DBED476C9DF3CE495C750
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1786050425.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.1785941435.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1786082771.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1786109346.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1786109346.00007FF77C671000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1786251212.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _set_statfp
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1156100317-0
                                                                                                                                                                                                      • Opcode ID: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
                                                                                                                                                                                                      • Instruction ID: c1bccfd014470de4f93a445bf6febcdfd3de8bd4f414ac617918c4f9659566c7
                                                                                                                                                                                                      • Opcode Fuzzy Hash: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A711BF63F3CA1301FB663124F5D6377A0476F5C360EA40634EB6EC62D6AE2CAC438120
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • FlsGetValue.KERNEL32(?,?,?,00007FF77C64A613,?,?,00000000,00007FF77C64A8AE,?,?,?,?,?,00007FF77C64A83A), ref: 00007FF77C64B41F
                                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF77C64A613,?,?,00000000,00007FF77C64A8AE,?,?,?,?,?,00007FF77C64A83A), ref: 00007FF77C64B43E
                                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF77C64A613,?,?,00000000,00007FF77C64A8AE,?,?,?,?,?,00007FF77C64A83A), ref: 00007FF77C64B466
                                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF77C64A613,?,?,00000000,00007FF77C64A8AE,?,?,?,?,?,00007FF77C64A83A), ref: 00007FF77C64B477
                                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF77C64A613,?,?,00000000,00007FF77C64A8AE,?,?,?,?,?,00007FF77C64A83A), ref: 00007FF77C64B488
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1786050425.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.1785941435.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1786082771.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1786109346.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1786109346.00007FF77C671000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1786251212.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Value
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3702945584-0
                                                                                                                                                                                                      • Opcode ID: ccac5f17aa91da4f3bae42de7e7333904383ed8f97faa160faf07aaa8124ee46
                                                                                                                                                                                                      • Instruction ID: c5bef97d19db0611c37f6753456b20e2e42877948ced5a7867b92fcfcbd1940a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ccac5f17aa91da4f3bae42de7e7333904383ed8f97faa160faf07aaa8124ee46
                                                                                                                                                                                                      • Instruction Fuzzy Hash: FD114D36A38A0241FB5AB36595D117BF1535F8C7B0F848334D82DCA6DADE2CE7028721
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1786050425.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.1785941435.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1786082771.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1786109346.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1786109346.00007FF77C671000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1786251212.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Value
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3702945584-0
                                                                                                                                                                                                      • Opcode ID: 189bd32c29972b75cbfb961d88c763c1323b9a0b7d58335ae669547dde4e0126
                                                                                                                                                                                                      • Instruction ID: edbe6294b333b6ed2f12b73631b5c1f2b24e4e87b45380b3f23166e9f87ceedd
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 189bd32c29972b75cbfb961d88c763c1323b9a0b7d58335ae669547dde4e0126
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9211D226A3860641FB5A73A284A117BB1534F8D720F885734D92E8E2C2DD2CA7025222
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791490726.00007FFE013B0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791517135.00007FFE01433000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791623570.00007FFE01435000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791687277.00007FFE0145D000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791713879.00007FFE01462000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791713879.00007FFE01468000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791713879.00007FFE01470000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffe013b0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: X509_$E_dupE_freeL_sk_new_nullL_sk_pushX509_get_subject_name
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2231116090-0
                                                                                                                                                                                                      • Opcode ID: 5358efc33fb6e18c454b589764754550d33877bf110f5fb8f4b70bee4f8048f6
                                                                                                                                                                                                      • Instruction ID: c551cf78f65d7d5fc158fcaf6a9ab546e3d3b1bd8bb5b0a438bb53919bd545d4
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5358efc33fb6e18c454b589764754550d33877bf110f5fb8f4b70bee4f8048f6
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9F014B25E0964280EF95A666A9557BC5290AF58BC0F594030EE4D4EBB7FE2CE4914701
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791490726.00007FFE013B0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791517135.00007FFE01433000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791623570.00007FFE01435000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791687277.00007FFE0145D000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791713879.00007FFE01462000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791713879.00007FFE01468000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1791713879.00007FFE01470000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffe013b0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: X509_$E_dupE_freeL_sk_new_nullL_sk_pushX509_get_subject_name
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2231116090-0
                                                                                                                                                                                                      • Opcode ID: 311ce1e4a6a9474514a48b18637f768dcf6c3ad028354252edc0f8d4a87dfe69
                                                                                                                                                                                                      • Instruction ID: c6860248c290097f4e5966b2e62cba1c6add1ecdbdc4157fca594b125e4b8a44
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 311ce1e4a6a9474514a48b18637f768dcf6c3ad028354252edc0f8d4a87dfe69
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0B016D25F0A64280FFD5A766A5957BD91909F54BD0F690030EE0D8FBE7FE2CE4914701
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1786050425.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000001.00000002.1785941435.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1786082771.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1786109346.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1786109346.00007FF77C671000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000001.00000002.1786251212.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                      • String ID: verbose
                                                                                                                                                                                                      • API String ID: 3215553584-579935070
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1786050425.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                      • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                                                                      • API String ID: 3215553584-1196891531
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffe013b0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: R_new$R_set_debugX_new$X_free
                                                                                                                                                                                                      • String ID: ..\s\ssl\t1_enc.c$tls1_change_cipher_state
                                                                                                                                                                                                      • API String ID: 1274617517-2635170098
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1786050425.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                                                                                      • String ID: csm
                                                                                                                                                                                                      • API String ID: 2395640692-1018135373
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1786050425.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CallEncodePointerTranslator
                                                                                                                                                                                                      • String ID: MOC$RCC
                                                                                                                                                                                                      • API String ID: 3544855599-2084237596
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1786050425.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                                                                                      • String ID: csm$csm
                                                                                                                                                                                                      • API String ID: 3896166516-3733052814
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffe013b0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\extensions_clnt.c$tls_construct_ctos_server_name
                                                                                                                                                                                                      • API String ID: 0-1970769450
                                                                                                                                                                                                      • Opcode ID: 5c9d1c86b3ee07b7b72a52ca61cd4e0638b72d7c6e02d8d0b965126d0c4b85b8
                                                                                                                                                                                                      • Instruction ID: 4a968b8f96b20993243c139d6df4c0e1c16eeb396ff2cf8221b3bf00856d8b6a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5c9d1c86b3ee07b7b72a52ca61cd4e0638b72d7c6e02d8d0b965126d0c4b85b8
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 60318F11F1C14345FB66AB67B9517B91682AF85B84F485034EE0E8F6F6ED2CE8828700
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CreateDirectoryW.KERNEL32(00000000,?,00007FF77C63352C,?,00000000,00007FF77C633F23), ref: 00007FF77C637F22
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1786050425.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
• Associated: 00000001.00000002.1785941435.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1786082771.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1786109346.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1786109346.00007FF77C671000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1786251212.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CreateDirectory
                                                                                                                                                                                                      • String ID: %.*s$%s%c$\
                                                                                                                                                                                                      • API String ID: 4241100979-1685191245
                                                                                                                                                                                                      • Opcode ID: 517c45005fecb665460f06d6deeb7a52b86fc8f3bacaeb8cdec2a0b3fdaf0698
                                                                                                                                                                                                      • Instruction ID: ce051cdecd649ffd4b8b906fc6b4726a4461688e1ba2e9fab7c7db271e23a92d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 517c45005fecb665460f06d6deeb7a52b86fc8f3bacaeb8cdec2a0b3fdaf0698
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7431BA22739AC145EB22A711A9907A7A355FF8CBE4F840231EE6D877C9DF2CD601C710
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1786050425.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Message
                                                                                                                                                                                                      • String ID: ERROR$Error$[PYI-%d:%ls]
                                                                                                                                                                                                      • API String ID: 2030045667-255084403
                                                                                                                                                                                                      • Opcode ID: d0f77ace03032ad826a8cfca47aff52564341a40e7b1b64160a5aa56c6ce0663
                                                                                                                                                                                                      • Instruction ID: 1b4244a08fd30e2f190c53808feb9a4b1aee219eb70209380e508cd193ebd343
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d0f77ace03032ad826a8cfca47aff52564341a40e7b1b64160a5aa56c6ce0663
                                                                                                                                                                                                      • Instruction Fuzzy Hash: CF21B173B28B4192E712AB14B4807ABB3A1EB8C780F804132EE8D9765ADE3CD245C710
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffe013b0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: R_newR_set_debug
                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\extensions_clnt.c$tls_construct_ctos_alpn
                                                                                                                                                                                                      • API String ID: 193678381-4282401781
                                                                                                                                                                                                      • Opcode ID: 82db74567b07ca98429e2d491a144afa58134e21642959cb42d781465d250f73
                                                                                                                                                                                                      • Instruction ID: 9255d2546164c4c55ec7a001717f922eb557335cf1f83b2d848986738b259810
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 82db74567b07ca98429e2d491a144afa58134e21642959cb42d781465d250f73
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2B215E61B1814242F791AB56E5957FE2251EF44B88F480035EE4C4F6F6EF7DE8828300
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffe013b0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: R_newR_set_debug
                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\extensions_clnt.c$ssl_next_proto_validate
                                                                                                                                                                                                      • API String ID: 193678381-4274311015
                                                                                                                                                                                                      • Opcode ID: 7dea40406266602161a6404743dd7ce781170104bfc31af87b83c6f7a9f0ceb9
                                                                                                                                                                                                      • Instruction ID: 7e9663b2173c55a1d2a8bc1342a26a0a1ec1fa16ecfe7db71f19b587aee95f64
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7dea40406266602161a6404743dd7ce781170104bfc31af87b83c6f7a9f0ceb9
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3411CA72F1E58182EB559765E8503FA6390EF54744F449535EB8C4A6B1FF3CD6C08600
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffe013b0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\extensions_clnt.c$tls_construct_ctos_renegotiate
                                                                                                                                                                                                      • API String ID: 0-2485672351
                                                                                                                                                                                                      • Opcode ID: 9e2356e0d1aca21d8efb9cf5ed6ac8109dbbc19e3386223d1c3c152121950f0c
                                                                                                                                                                                                      • Instruction ID: 270530a78fe3f5d49fb216c75a7699c955dbee65eb8aa3909d30c203e33b4d49
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9e2356e0d1aca21d8efb9cf5ed6ac8109dbbc19e3386223d1c3c152121950f0c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 08116D21F1C54382FB54AB62FA917B91651AF847C8F881035EE0D4FAF7EE6CE9918740
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffe013b0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: R_newR_set_debug
                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\statem_srvr.c$tls_post_process_client_key_exchange
                                                                                                                                                                                                      • API String ID: 193678381-3756838607
                                                                                                                                                                                                      • Opcode ID: 57110426fcb3f328b78f79e07f141f40403a10eee66626d20c3a0f6ae89a6ee1
                                                                                                                                                                                                      • Instruction ID: 8ff3c7c22b74edc9d52bd173ddabc1f6db378063e157dcf66df88a5a34f7af77
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 57110426fcb3f328b78f79e07f141f40403a10eee66626d20c3a0f6ae89a6ee1
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3C017C62F1950282F760ABA5D8867FD1291EFA0758F980430E50C8E2F2EE7DA9C2C201
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyErr_SetString.PYTHON312(?,?,?,?,?,00007FFDFAAF1EDC), ref: 00007FFDFAAF3B31
                                                                                                                                                                                                        • Part of subcall function 00007FFDFAAF1FD0: strncmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFDFAAF2008
                                                                                                                                                                                                        • Part of subcall function 00007FFDFAAF1FD0: strncmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFDFAAF2026
                                                                                                                                                                                                      • PyErr_Format.PYTHON312 ref: 00007FFDFAAF1F53
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1787017206.00007FFDFAAF1000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FFDFAAF0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfaaf0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_strncmp$FormatString
                                                                                                                                                                                                      • String ID: name too long$undefined character name '%s'
                                                                                                                                                                                                      • API String ID: 3882229318-4056717002
                                                                                                                                                                                                      • Opcode ID: fe9fd46e1f898954a40cc435b1b2d9c6909a3f099c322250393b7a83e7c0a7cf
                                                                                                                                                                                                      • Instruction ID: 57bb60894a06f39daf8a7878e4b63d2387c6691a09303b42e3732b4f20174806
                                                                                                                                                                                                      • Opcode Fuzzy Hash: fe9fd46e1f898954a40cc435b1b2d9c6909a3f099c322250393b7a83e7c0a7cf
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 25112176B18B8791EB0C9B14D4A4AB47364FB88749F840572CB2D462E9DF6DE14FC700
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffe013b0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\statem_srvr.c$ossl_statem_server_write_transition
                                                                                                                                                                                                      • API String ID: 0-415349073
                                                                                                                                                                                                      • Opcode ID: cb928233245477158d164dc25a4f82f7329a45cbb3b201dbca18578d772069f8
                                                                                                                                                                                                      • Instruction ID: 98668013fc1fca65547231daed9e6a18179089daddccf7a4e4ffb12782cbd1ed
                                                                                                                                                                                                      • Opcode Fuzzy Hash: cb928233245477158d164dc25a4f82f7329a45cbb3b201dbca18578d772069f8
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3401F522F2924283E754D755D8957FC2311EBA8744FE48032DA0C8F3B1DE2CE5C2C602
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffe013b0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: O_printf$O_indent
                                                                                                                                                                                                      • String ID: %s (%d)$unexpected value
                                                                                                                                                                                                      • API String ID: 1715996925-1289549259
                                                                                                                                                                                                      • Opcode ID: b82d1fbfaac1b7f49c66747b67c6d75daf745cdbd783dcc07c1ce5a27fa2681d
                                                                                                                                                                                                      • Instruction ID: 11eab012857834bc8858e8928a6b2c1a3a78337d11184537a8354d181a1e0403
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b82d1fbfaac1b7f49c66747b67c6d75daf745cdbd783dcc07c1ce5a27fa2681d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C0F0A920A0C74282E7209B95D0009BD3292EF90B80F964532EC0D0F6FDCE3CE646C205
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1786050425.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2718003287-0
                                                                                                                                                                                                      • Opcode ID: 1ea6e931977968e7606fd026366deb17473f9f47aeaf25dd19fcfb7bb3399e1d
                                                                                                                                                                                                      • Instruction ID: c7ab6ffb38eee2db5e57db636f10ec2fcfe27a63951b347fa77dbfaa6c59ab3a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1ea6e931977968e7606fd026366deb17473f9f47aeaf25dd19fcfb7bb3399e1d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 97D13673B38A409AE712DF65D4801AD7772FB487D8B808235DE5E9BB89DE38D246C350
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1787290190.00007FFDFAC11000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAC10000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfac10000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: memset
                                                                                                                                                                                                      • String ID: %s-shm$readonly_shm$winOpenShm
                                                                                                                                                                                                      • API String ID: 2221118986-2815843928
                                                                                                                                                                                                      • Opcode ID: 8d2a6488cfe544708466a8bb6c48c74f0afd239d4f67e3118775d9e63ad55e06
                                                                                                                                                                                                      • Instruction ID: ab9263c6a49b0c09085c601ccf01bf458dd6aa7ed050dc1878bbeb080eb9dbb5
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8d2a6488cfe544708466a8bb6c48c74f0afd239d4f67e3118775d9e63ad55e06
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 45C15B29B0AA4691EB5D9B21E860A7D33A0FF48B50F0446B5DA7E477E8EF3CE445C350
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • memcpy.VCRUNTIME140(?,?,?,?,?,?,00000080,?,00000000,00007FFDFACA47C2), ref: 00007FFDFACA449B
                                                                                                                                                                                                      • memcpy.VCRUNTIME140(?,?,?,?,?,?,00000080,?,00000000,00007FFDFACA47C2), ref: 00007FFDFACA451E
                                                                                                                                                                                                      • memcpy.VCRUNTIME140(?,?,?,?,?,?,00000080,?,00000000,00007FFDFACA47C2), ref: 00007FFDFACA460B
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1787290190.00007FFDFAC11000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAC10000, based on PE: true
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: memcpy
                                                                                                                                                                                                      • String ID: RETURNING may not use "TABLE.*" wildcards
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF77C64CFBB), ref: 00007FF77C64D0EC
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF77C64CFBB), ref: 00007FF77C64D177
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1786050425.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ConsoleErrorLastMode
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1787290190.00007FFDFAC11000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAC10000, based on PE: true
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: %s.%s$column%d$rowid
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1787017206.00007FFDFAAF1000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FFDFAAF0000, based on PE: true
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: strncmp
                                                                                                                                                                                                      • String ID: CJK UNIFIED IDEOGRAPH-$HANGUL SYLLABLE
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1786050425.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _get_daylight$_isindst
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1787290190.00007FFDFAC11000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAC10000, based on PE: true
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: memset
                                                                                                                                                                                                      • String ID: %s at line %d of [%.10s]$831d0fb2836b71c9bc51067c49fee4b8f18047814f2ff22d817d25195cf350b0$database corruption
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1786050425.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
• Associated: 00000001.00000002.1785941435.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1786082771.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1786109346.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1786109346.00007FF77C671000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1786251212.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2780335769-0
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1786050425.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
• Associated: 00000001.00000002.1785941435.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1786082771.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1786109346.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1786109346.00007FF77C671000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1786251212.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: LongWindow$DialogInvalidateRect
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1956198572-0
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
• Associated: 00000001.00000002.1791490726.00007FFE013B0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1791517135.00007FFE01433000.00000020.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1791623570.00007FFE01435000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1791687277.00007FFE0145D000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1791713879.00007FFE01462000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1791713879.00007FFE01468000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.1791713879.00007FFE01470000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffe013b0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: X509_$E_dupE_freeL_sk_pushX509_get_subject_name
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 417592659-0
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1786050425.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
• Associated: 00000001.00000002.1785941435.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1786082771.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1786109346.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1786109346.00007FF77C671000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1786251212.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2933794660-0
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1786050425.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
• Associated: 00000001.00000002.1785941435.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1786082771.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1786109346.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1786109346.00007FF77C671000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1786251212.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                                                      • String ID: ?
                                                                                                                                                                                                      • API String ID: 1286766494-1684325040
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _invalid_parameter_noinfo.LIBCMT ref: 00007FF77C6490B6
                                                                                                                                                                                                        • Part of subcall function 00007FF77C64A9B8: RtlFreeHeap.NTDLL(?,?,?,00007FF77C652D92,?,?,?,00007FF77C652DCF,?,?,00000000,00007FF77C653295,?,?,?,00007FF77C6531C7), ref: 00007FF77C64A9CE
                                                                                                                                                                                                        • Part of subcall function 00007FF77C64A9B8: GetLastError.KERNEL32(?,?,?,00007FF77C652D92,?,?,?,00007FF77C652DCF,?,?,00000000,00007FF77C653295,?,?,?,00007FF77C6531C7), ref: 00007FF77C64A9D8
                                                                                                                                                                                                      • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF77C63CC15), ref: 00007FF77C6490D4
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1786050425.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
• Associated: 00000001.00000002.1785941435.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1786082771.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1786109346.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1786109346.00007FF77C671000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1786251212.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                                                                                                                                                      • String ID: C:\Users\user\Desktop\lz4wnSavmK.exe
                                                                                                                                                                                                      • API String ID: 3580290477-2746711996
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1786050425.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
• Associated: 00000001.00000002.1785941435.00007FF77C630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1786082771.00007FF77C65B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1786109346.00007FF77C66E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1786109346.00007FF77C671000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1786251212.00007FF77C674000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ErrorFileLastWrite
                                                                                                                                                                                                      • String ID: U
                                                                                                                                                                                                      • API String ID: 442123175-4171548499
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1789715337.00007FFDFF3F1000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FFDFF3F0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdff3f0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _wassert
                                                                                                                                                                                                      • String ID: (idx>=1) && (idx<=10)$src/AESNI.c
                                                                                                                                                                                                      • API String ID: 3234217646-2495715787
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1786050425.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CurrentDirectory
                                                                                                                                                                                                      • String ID: :
                                                                                                                                                                                                      • API String ID: 1611563598-336475711
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffe013b0000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: -
                                                                                                                                                                                                      • API String ID: 0-2547889144
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1786050425.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                      • String ID: csm
                                                                                                                                                                                                      • API String ID: 2573137834-1018135373
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1786050425.00007FF77C631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF77C630000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff77c630000_lz4wnSavmK.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: DriveType_invalid_parameter_noinfo
                                                                                                                                                                                                      • String ID: :
                                                                                                                                                                                                      • API String ID: 2595371189-336475711
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000001.00000002.1787017206.00007FFDFAAF1000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FFDFAAF0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7ffdfaaf0000_lz4wnSavmK.jbxd
Similarity
• API ID: String$Err_FromUnicode_
• String ID: no such name
• API String ID: 3678473424-4211486178
APIs
Strings
Memory Dump Source
• Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7ffe013b0000_lz4wnSavmK.jbxd
Similarity
• API ID: O_clear_flagsO_set_flags
• String ID: '
• API String ID: 3946675294-1997036262
APIs
Strings
Memory Dump Source
• Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7ffe013b0000_lz4wnSavmK.jbxd
Similarity
• API ID: O_clear_flagsO_set_flags
• String ID: &
• API String ID: 3946675294-1010288
APIs
Strings
Memory Dump Source
• Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7ffe013b0000_lz4wnSavmK.jbxd
Similarity
• API ID: M_construct_endM_construct_octet_string
• String ID: ssl3-ms
• API String ID: 587842064-1523337083
APIs
Strings
Memory Dump Source
• Source File: 00000001.00000002.1791517135.00007FFE013B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE013B0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7ffe013b0000_lz4wnSavmK.jbxd
Similarity
• API ID: O_clear_flagsO_set_flags
• String ID:
• API String ID: 3946675294-3916222277
APIs
• _PyObject_GC_New.PYTHON312(?,?,00000000,00007FFDFAAF2533), ref: 00007FFDFAAF25C6
• PyObject_GC_Track.PYTHON312(?,?,00000000,00007FFDFAAF2533), ref: 00007FFDFAAF25F8
Strings
Memory Dump Source
• Source File: 00000001.00000002.1787017206.00007FFDFAAF1000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FFDFAAF0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7ffdfaaf0000_lz4wnSavmK.jbxd
Similarity
• API ID: Object_$Track
• String ID: 3.2.0
• API String ID: 16854473-1786766648
APIs
Memory Dump Source
• Source File: 00000001.00000002.1787290190.00007FFDFAC11000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAC10000, based on PE: true
• Associated: 00000001.00000002.1787270770.00007FFDFAC10000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000001.00000002.1787400841.00007FFDFAD3E000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000001.00000002.1787438247.00007FFDFAD6B000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000001.00000002.1787459973.00007FFDFAD70000.00000002.00000001.01000000.00000017.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7ffdfac10000_lz4wnSavmK.jbxd
Similarity
• API ID: memcpy$memset
• String ID:
• API String ID: 438689982-0
• Opcode ID: 063867daf08dc840c18da87f71504e9cfd181ef9bf5db64338ac6d78780bbdb1
• Instruction ID: 55c8c5caa7a4a06d71ee9891b8e300187cc9e483d4c7a85fdae7fc092589641c
• Opcode Fuzzy Hash: 063867daf08dc840c18da87f71504e9cfd181ef9bf5db64338ac6d78780bbdb1
• Instruction Fuzzy Hash: B691E236B186818AE728CB179524A6E76A0FF45BD0F048175FE6D07BC9DF3CE4A18B40
APIs
Memory Dump Source
• Source File: 00000001.00000002.1787290190.00007FFDFAC11000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAC10000, based on PE: true
• Associated: 00000001.00000002.1787270770.00007FFDFAC10000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000001.00000002.1787400841.00007FFDFAD3E000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000001.00000002.1787438247.00007FFDFAD6B000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000001.00000002.1787459973.00007FFDFAD70000.00000002.00000001.01000000.00000017.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7ffdfac10000_lz4wnSavmK.jbxd
Similarity
• API ID: memcpy
• String ID:
• API String ID: 3510742995-0
• Opcode ID: 3f859ac6ac02e878cf440436bbbe9bcf4ba2bca3893d27bab73cb4c77d7d8bd1
• Instruction ID: b16b3b2963936f5a7b42c702d44c4610bf9fed77a3b4113f91a12f2791d7dda5
• Opcode Fuzzy Hash: 3f859ac6ac02e878cf440436bbbe9bcf4ba2bca3893d27bab73cb4c77d7d8bd1
• Instruction Fuzzy Hash: B991A239B097468AEB6C9E16D164A6D7A94FB44BD0F584274EE6D077C9EF3CE4108700